Directory Traversal

2017-09-2902:36:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.005

Percentile

76.0%

JSON

Wordpress is vulnerable to directory traversal attacks. The library does not validate file names before attempting to unzip them, allowing a malicious user to pass a malformed path to traverse the application’s directory.

References

core.trac.wordpress.org/changeset/41457

wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

EPSS

0.005

Percentile

76.0%

JSON

Related for VERACODE:5192