Lucene search
GoogleOSV:CVE-2016-10148HistoryJan 18, 2017 - 9:59 p.m.
CVE-2016-10148
2017-01-1821:59:00
Google
osv.dev
13
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.
Related
prion
prion
Design/Logic Flaw
2017-01-18 21:59:00
Directory traversal
2017-01-18 21:59:00
Cross site request forgery (csrf)
2017-01-18 21:59:00
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
cvelist
cvelist
nvd
nvd
nessus
nessus
WordPress < 4.6 Multiple Vulnerabilities
2016-08-25 00:00:00
WordPress 4.5.x < 4.6 Multiple Vulnerabilities
2017-02-09 00:00:00
Fedora 25 : wordpress (2016-80a1d6211a)
2016-11-15 00:00:00
openvas
openvas
WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Linux
2016-08-26 00:00:00
WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Windows
2016-08-26 00:00:00
Fedora Update for wordpress FEDORA-2016-80a1d6211a
2016-12-07 00:00:00
osv
osv
CVE-2016-6896
2017-01-18 21:59:00
CVE-2016-6897
2017-01-18 21:59:00
checkpoint_advisories
checkpoint_advisories
WordPress Admin API Directory Traversal (CVE-2016-6896)
2016-08-29 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: wordpress-4.6-2.fc25
2016-09-08 21:21:45
[SECURITY] Fedora 24 Update: wordpress-4.6.1-1.fc24
2016-09-22 00:36:23
[SECURITY] Fedora 23 Update: wordpress-4.6.1-1.fc23
2016-09-21 20:29:55
wpvulndb
wpvulndb
WordPress 4.5.3 - Authenticated Denial of Service (DoS)
2016-08-20 00:00:00
metasploit
metasploit
WordPress Traversal Directory DoS
2017-04-30 13:03:48
exploitpack
exploitpack
WordPress 4.5.3 - Directory Traversal Denial of Service
2016-08-22 00:00:00
zdt
zdt
WordPress 4.5.3 - Directory Traversal / Denial of Service
2016-08-22 00:00:00
exploitdb
exploitdb
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
2016-08-22 00:00:00
packetstorm
packetstorm
WordPress Traversal Directory Denial of Service
2024-08-31 00:00:00