WordPress Directory traversal

Sooraj V Nair
Published on
26 Jun 2018
Directory traversal

The server uses a vulnerable version of WordPress (3.0 to 4.8.1) that allows a path traversal attack during unzipping. The vulnerability is in the unzip operations of the ZipArchive and PclZip components, and it allows attackers to overwrite arbitrary files. It is triggered via invalid characters placed between two dot characters in an archive entry name. Properly controlling access to web content is important for running a secure web server. Directory traversal is an HTTP attack that allows attackers to access restricted directories and to execute commands outside of the web server's root directory. When access to files is not limited by the operating system's access controls, directory traversal attacks become possible; they aim to access files and directories that are stored outside the web root folder.
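The defensive check described above, as an added Python example that is not WordPress's own PHP code: each archive entry name is validated before anything is written, refusing absolute paths, any `..` component (after treating backslashes as separators), and control characters, since a sanitizer that strips invalid characters after a naive `..` string check could turn an entry such as `.\x01.` into `..`. The destination directory and the archive contents are constructed for the example.

```python
import io
import os
import posixpath
import zipfile

# Control characters are refused outright: a sanitizer that strips them later
# could turn an entry like '.\x01.' into '..' after the traversal check has run.
CONTROL_CHARS = {chr(c) for c in range(0x20)} | {"\x7f"}


def is_safe_member(name: str, dest: str) -> bool:
    """True only if archive entry `name` would be written strictly inside `dest`."""
    if not name or name.startswith(("/", "\\")):
        return False
    if any(ch in CONTROL_CHARS for ch in name):
        return False
    # Treat backslashes as separators so 'a\..\..\x' is judged like 'a/../../x'.
    parts = posixpath.normpath(name.replace("\\", "/")).split("/")
    if ".." in parts or any(":" in p for p in parts):
        return False
    # Final guard: resolve the full target path and require it to stay under dest.
    dest_abs = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_abs, *parts))
    return target == dest_abs or target.startswith(dest_abs + os.sep)


def plan_extraction(zip_bytes: bytes, dest: str):
    """Return (accepted, rejected): resolved paths for entries that are safe to
    write, and the raw names of entries that were refused. Writes nothing."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename, dest):
                rejected.append(info.filename)
                continue
            clean = posixpath.normpath(info.filename.replace("\\", "/"))
            accepted.append(os.path.join(os.path.realpath(dest), *clean.split("/")))
    return accepted, rejected


def build_sample_zip() -> bytes:
    """Constructed in-memory archive (not from the article): one benign plugin
    file plus three entry names of the kinds the check must refuse."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my-plugin/my-plugin.php", "<?php // benign plugin file\n")
        zf.writestr("../../wp-config.php", "plain dot-dot traversal\n")
        zf.writestr("my-plugin/.\x01./escape.php", "control char between dots\n")
        zf.writestr("my-plugin\\..\\..\\index.php", "backslash separators\n")
    return buf.getvalue()
```

Only the first entry of the sample archive is accepted; the other three are reported as rejected without touching the filesystem.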

Impact and Fixes


Written by
Sooraj V Nair
Cyber Security Engineer