NVD

Id
21693  
Name
CVE-2016-7169  
Description
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2017-01-04  
Modified Date
2017-07-17  
Seq
2016-7169  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
116658 21693 CVE-2016-7169 92841  View
116659 21693 CVE-2016-7169 https://codex.wordpress.org/Version_4.6.1  View
116660 21693 CVE-2016-7169 https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e  View
116661 21693 CVE-2016-7169 https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/  View

Related JVN