Intrusion Prevention

WordPress.Admin.API.Directory.Traversal

Description

This indicates an attack attempt against a Directory Traversal vulnerability in WordPress
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to Admin API. A remote attacker can exploit this to perform a denial of service attack on the service target via multiple crafted requests.

Affected Products

WordPress Project WordPress prior to 4.6

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the latest patch from the vendor.
https://core.trac.wordpress.org/ticket/37490

CVE References

CVE-2016-6896