
WordPress 4.5.x < 4.6 Multiple Vulnerabilities



The remote server is hosting an outdated installation of WordPress that is affected by multiple vulnerabilities.


Versions of WordPress 4.5.x prior to 4.6 are affected by multiple vulnerabilities:

- A path traversal vulnerability exists in the WordPress Admin API in the 'wp_ajax_update_plugin()' function in 'ajax-actions.php' due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. (CVE-2016-6896)

- A cross-site request forgery (CSRF/XSRF) vulnerability exists in the 'admin-ajax.php' script due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to perform arbitrary AJAX updates. (CVE-2016-6897)

- An information disclosure vulnerability exists in the 'wp_ajax_update_plugin()' function in the 'ajax-actions.php' script because it calls 'get_plugin_data()' before checking capabilities. An authenticated, remote attacker can exploit this to bypass intended read-access restrictions, resulting in a disclosure of sensitive information. (CVE-2016-10148)


Upgrade to WordPress 4.6 or later.