CVE-2016-6896

Name of the Vulnerable Software and Affected Versions WordPress version 4.5.3

Description A directory traversal issue exists in the wp ajax update plugin function, allowing remote authenticated users to cause a denial of service or read certain text files by including a .. (dot dot) in the plugin parameter to the /wp-admin/admin-ajax.php API endpoint. This can be demonstrated by reading from /dev/random, which depletes the entropy pool.

Recommendations For WordPress version 4.5.3, consider disabling the wp ajax update plugin function until a patch is available to prevent exploitation. Restrict access to the /wp-admin/admin-ajax.php API endpoint to minimize the risk of denial of service or unauthorized file reads. Avoid using the plugin parameter in the affected API endpoint until the issue is resolved.