Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress 4.9.x Directory Traversal (4.9 - 4.9.25) - Vulnerability Database

WordPress 4.9.x Directory Traversal (4.9 - 4.9.25)

Description

WordPress is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks. WordPress versions 4.9.x ranging from 4.9 and up to (and including) 4.9.25 are vulnerable.

Remediation

Update to WordPress version 4.9.26 or latest

References

https://www.wordfence.com/blog/2024/06/wordpress-6-5-5-security-release-what-you-need-to-know/
https://wordpress.org/documentation/wordpress-version/version-4-9-26/

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Directory Traversal (1.7.14.2) High
Common tags: Missing Update Directory Traversal
WordPress Plugin Cross-RSS Directory Traversal (1.7) High
Common tags: Missing Update Directory Traversal
Joomla! Core Directory Traversal (2.5.0 - 3.9.20) High
Common tags: Missing Update Directory Traversal
WordPress Plugin Font-official webfonts plugin of Fonts For Web Directory Traversal (7.5) High
Common tags: Missing Update Directory Traversal
WordPress Plugin MW WP Form Directory Traversal (4.4.2) High
Common tags: Missing Update Directory Traversal

Severity

High

Classification

CWE-22
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
Directory Traversal