ID de Prueba:	1.3.6.1.4.1.25623.1.0.809157
Categoría:	Web application abuses
Título:	WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Linux
Resumen:	WordPress is prone to CSRF and directory traversal vulnerabilities.
Descripción:	Summary: WordPress is prone to CSRF and directory traversal vulnerabilities. Vulnerability Insight: The flaw exists due to improper capability check in 'wp_ajax_update_plugin' and 'wp_ajax_delete_plugin' functions which are used in 'ajax-actions.php' script. Vulnerability Impact: Successfully exploiting this issue allow attacker to take over an authenticated user's session (privilege escalation) using a forged HTML page and to crash the web server. Affected Software/OS: WordPress version 4.5.3 on Linux. Solution: Update to WordPress version 4.6 or later. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6896 https://www.exploit-db.com/exploits/40288/ https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html https://wpvulndb.com/vulnerabilities/8606 http://www.openwall.com/lists/oss-security/2016/08/20/1 http://www.securitytracker.com/id/1036683 Common Vulnerability Exposure (CVE) ID: CVE-2016-6897 BugTraq ID: 92572 http://www.securityfocus.com/bid/92572 Common Vulnerability Exposure (CVE) ID: CVE-2016-10148 BugTraq ID: 96847 http://www.securityfocus.com/bid/96847
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.