Search for vulnerabilities
| Vulnerability ID | VCID-x9ev-1f87-bue7 |
| Aliases |
CVE-2016-6897
|
| Summary | |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 0.3 |
| Risk | 0.6 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| Data source | Exploit-DB |
|---|---|
| Date added | Aug. 22, 2016 |
| Description | WordPress Core 4.5.3 - Directory Traversal / Denial of Service |
| Ransomware campaign use | Known |
| Source publication date | Aug. 22, 2016 |
| Exploit type | webapps |
| Platform | php |
| Source update date | Aug. 22, 2016 |
| Data source | Metasploit |
|---|---|
| Description | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. |
| Note | Stability: - crash-service-down SideEffects: [] Reliability: [] |
| Ransomware campaign use | Unknown |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/wordpress_directory_traversal_dos.rb |
| Percentile | 0.9638 |
| EPSS Score | 0.29012 |
| Published At | Aug. 8, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T11:55:31.339177+00:00 | EPSS Importer | Import | https://epss.cyentia.com/epss_scores-current.csv.gz | 37.0.0 |