VulnerableCode Vulnerability Details - VCID-x9ev-1f87-bue7

Search for vulnerabilities

Vulnerability details: VCID-x9ev-1f87-bue7

Essentials
Severities (13)
References (3)
Severity details (0)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-x9ev-1f87-bue7
Aliases	CVE-2016-6897
Summary
Status	Published
Exploitability	2.0
Weighted Severity	0.3
Risk	0.6
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.29012	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.2929	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.2929	https://api.first.org/data/v1/epss?cve=CVE-2016-6897
epss	0.2929	https://api.first.org/data/v1/epss?cve=CVE-2016-6897

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2016-6897
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6897
837090		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090

Data source	Metasploit
Description	Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
Note	Stability: - crash-service-down SideEffects: [] Reliability: []
Ransomware campaign use	Unknown
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/wordpress_directory_traversal_dos.rb

Data source	Exploit-DB
Date added	Aug. 22, 2016
Description	WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Ransomware campaign use	Known
Source publication date	Aug. 22, 2016
Exploit type	webapps
Platform	php
Source update date	Aug. 22, 2016

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.9638
EPSS Score	0.29012
Published At	Aug. 8, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T11:55:31.339177+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	37.0.0