WordPress Admin API Directory Traversal

September 2, 2016

A vulnerability in WordPress allows an attacker to cause a denial of service condition on the server.

WordPress is an open-source content management system (CMS) installed on many web servers.

A directory traversal vulnerability exists in the Core Ajax handlers of the WordPress Admin API. A user-supplied path is not correctly validated before it is used, which is the root cause of this vulnerability.
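The root cause named above is a path that is used before it is validated. As an added illustration, not code from WordPress or from the advisory, the following Python function shows the defensive pattern that closes this class of bug: decode the user-supplied value, reject NUL bytes and absolute paths, resolve the result against the intended base directory, and accept it only if the resolved path is still inside that directory. The base directory and the sample inputs are constructed for the example and are not taken from the advisory.

```python
import os
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed base directory for the example; any directory the
# application intends to expose would take its place.
BASE_DIR = "/srv/wordpress/wp-content"

# Constructed sample inputs: one legitimate relative path and several
# shapes a validator must reject (plain, percent-encoded, backslash,
# NUL-byte and absolute-path variants).
SAMPLE_PATHS: List[str] = [
    "plugins/hello.php",
    "../../../../etc/passwd",
    "%2e%2e/%2e%2e/wp-config.php",
    "..\\..\\wp-config.php",
    "plugins/hello.php\x00.txt",
    "/etc/passwd",
]


def safe_resolve(base_dir: str, user_path: str) -> Optional[str]:
    """Return the absolute path for user_path if it stays under base_dir.

    Returns None when the input would escape base_dir or is malformed.
    """
    # Decode twice so that double-encoded sequences (%252e) are caught too.
    decoded = unquote(unquote(user_path))
    # Embedded NUL bytes truncate paths in C-based runtimes; refuse them.
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so "..\" is handled like "../".
    normalized = decoded.replace("\\", "/")
    # Only relative paths are meaningful here; an absolute path is an error.
    if normalized.startswith("/"):
        return None
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, normalized))
    # Compare with a trailing separator so "/srv/wp-content-other" does not
    # pass a prefix check against "/srv/wp-content".
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def classify(base_dir: str, paths: List[str]) -> Dict[str, bool]:
    """Map each candidate path to True (accepted) or False (rejected)."""
    return {p: safe_resolve(base_dir, p) is not None for p in paths}


if __name__ == "__main__":
    for path, accepted in classify(BASE_DIR, SAMPLE_PATHS).items():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {path!r}")
```

Only the first sample resolves to a location under the base directory; every other shape is rejected before any file operation takes place, which is the check the vulnerable handler lacked.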

By sending specially crafted requests to the Admin API, a remote, authenticated user can exploit this vulnerability. A successful attack causes a denial of service condition on the affected WordPress site.

The Dell SonicWALL team has written the following signatures to help protect our customers from this attack:

  • IDS 5272: Web Application Directory Traversal Attack 18
  • WAF 1651: WordPress Admin API Directory Traversal