ThreatPress

WordPress Vulnerabilities Database

WordPress <=4.9.6 - Arbitrary Code Execution vulnerability

Product
WordPress
Description
Arbitrary Code Execution vulnerability found by ripstech in WordPress (versions <=4.9.6).
Solution
A new version, v4.9.7, which includes a patch, has been released. Update to version 4.9.7.
Classification
Type: Arbitrary Code Execution
OWASP Top 10: A7: Missing Function Level Access Control
References
Vulnerability description
CVE
Name: CVE-2018-12895
Versions
Affected In: <=4.9.6
Fixed In: 4.9.7
Disclosure date
2018-06-27
Credits
ripstech
Submitter
ThreatPress