WordPress < 5.0.4 Directory Traversal Vulnerability
Medium Nessus Plugin ID 125596
Synopsis
A PHP application running on the remote web server is affected by a directory traversal vulnerability.

Description
According to its self-reported version number, the WordPress application running on the remote web server is prior to 5.0.4. It is, therefore, affected by a directory traversal vulnerability in its wp_crop_image() component. An authenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's restricted path.

Solution
Upgrade to WordPress version 5.0.4 or later.