Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-8943 - Vulnerability Database
WordPress

WordPress Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-8943

Medium
Reference: CVE-2019-8943
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-8943
Title: WordPress Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences such as a filename ending with the .jpg/../../file.jpg substring.