WordPress Admin API Directory Traversal
September 2, 2016
A vulnerability in WordPress allows an attacker to cause a denial of service condition on the server.
WordPress is an open-source content management system (CMS) installed on many web servers.
A directory traversal vulnerability exists in the Core Ajax handlers of the WordPress Admin API. The vulnerability arises because a user-supplied path is not correctly validated.
By sending specially crafted requests to the Admin API, a remote, authenticated user can exploit this vulnerability. A successful attack causes a denial of service condition on the affected WordPress site.
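The missing check described above is path containment: resolve the supplied path, then confirm the result is still a regular file under the intended directory. The following is an added illustration, not WordPress core code or the vendor's fix; the function name `resolve_inside_base`, the directory layout and the sample inputs are hypothetical and constructed for the demo.

```php
<?php
// Added illustration (not WordPress core code). All names and sample
// paths below are hypothetical and constructed for this demo.

/**
 * Resolve a user-supplied relative path and return it only if it is a
 * regular file located inside $baseDir. Returns null otherwise.
 */
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    // Reject empty input and embedded NUL bytes before touching the filesystem.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "/plugins-old" is not mistaken for "/plugins".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Accept regular files only: no directories, device nodes or FIFOs.
    return is_file($target) ? $target : null;
}

// Constructed demo tree: <tmp>/demo_<pid>/plugins/hello/hello.php plus a
// file that sits outside the plugins directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . getmypid();
$base = $root . DIRECTORY_SEPARATOR . 'plugins';
mkdir($base . '/hello', 0700, true);
file_put_contents($base . '/hello/hello.php', "<?php // sample\n");
file_put_contents($root . '/outside.txt', "not a plugin\n");

foreach (['hello/hello.php', '../outside.txt', 'hello/../../outside.txt', 'hello'] as $p) {
    printf("%-26s => %s\n", $p, resolve_inside_base($base, $p) === null ? 'rejected' : 'accepted');
}

// Remove the demo tree.
unlink($base . '/hello/hello.php'); unlink($root . '/outside.txt');
rmdir($base . '/hello'); rmdir($base); rmdir($root);
```

Only `hello/hello.php` is accepted; the two traversal inputs resolve outside the base directory and `hello` is a directory, so all three are rejected.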
The Dell SonicWALL team has written the following signatures to help protect our customers from this attack:
- IDS 5272: Web Application Directory Traversal Attack 18
- WAF 1651: WordPress Admin API Directory Traversal