This indicates an attack attempt against a Directory Traversal vulnerability in WordPress
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to Admin API. A remote attacker can exploit this to perform a denial of service attack on the service target via multiple crafted requests.
WordPress Project WordPress prior to 4.6
Denial of Service: Remote attackers can crash vulnerable systems.
Apply the latest patch from the vendor.