4.3

CVE-2016-10148

WordPress Core < 4.6 - Authorization Bypass

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.
Mögliche Gegenmaßnahme
WordPress: Update to version 4.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 4.5.5
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 4.6)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.64% 0.733
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.openwall.com/lists/oss-security/2016/08/20/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96847
https://core.trac.wordpress.org/changeset/38168
Patch
Issue Tracking
https://core.trac.wordpress.org/ticket/37490
Issue Tracking
https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
Third Party Advisory
Technical Description
https://www.wordfence.com/threat-intel/vulnerabilities/id/da8d1659-c532-4020-be16-527c1437952a
Third Party Advisory