WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.

Update to 4.9.7 security release.
https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-mainte nance-release/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the detected WordPress application is affected by issue that could allow a user who is able to edit uploaded media to attempt to delete files outside the uploads directory.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Two vulnerabilities were discovered in wordpress, a web blogging tool.
The Common Vulnerabilities and Exposures project identifies the following issues.

CVE-2016-5836

The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.

CVE-2018-12895

A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.

For Debian 8 'Jessie', these problems have been fixed in version 4.1+dfsg-1+deb8u18.

We recommend that you upgrade your wordpress packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.7. It is, therefore, affected by an arbitrary file deletion vulnerability that can lead to remote code execution.

A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.

ID	Name	Product	Family	Severity
120471	Fedora 28 : wordpress (2018-623df1e98d)	Nessus	Fedora Local Security Checks	high
98369	WordPress 3.7.x < 3.7.27 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98368	WordPress 3.8.x < 3.8.27 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98367	WordPress 3.9.x < 3.9.25 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98366	WordPress 4.0.x < 4.0.24 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98365	WordPress 4.1.x < 4.1.24 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98364	WordPress 4.2.x < 4.2.21 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98363	WordPress 4.3.x < 4.3.17 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98362	WordPress 4.4.x < 4.4.16 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98361	WordPress 4.5.x < 4.5.15 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98360	WordPress 4.6.x < 4.6.12 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98359	WordPress 4.7.x < 4.7.11 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98358	WordPress 4.8.x < 4.8.7 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
98357	WordPress 4.9.x < 4.9.7 Arbitrary File Deletion	Web App Scanning	Component Vulnerability	high
111393	Debian DLA-1452-1 : wordpress security update	Nessus	Debian Local Security Checks	high
111244	Fedora 27 : wordpress (2018-8fc2cb8cb0)	Nessus	Fedora Local Security Checks	high
111229	WordPress < 4.9.7 Arbitrary File Deletion Vulnerability	Nessus	CGI abuses	high
111173	Debian DSA-4250-1 : wordpress - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2018-12895

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high