CVE-2016-7169
MEDIUM
WordPress < 4.6 - Path Traversal
Title source: ruleDescription
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
Scores
CVSS v3: 6.3
EPSS: 0.0301
EPSS Percentile: 86.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Classification
CWE: CWE-22
Status: published
Affected Products (2)
wordpress/wordpress: < 4.6
n/a/n/a
Timeline
Published: Jan 05, 2017
Tracked Since: Feb 18, 2026