Oval Definition:oval:com.ubuntu.xenial:def:2016101480000000
Revision Date:2017-01-18Version:1
Title:CVE-2016-10148 on Ubuntu 16.04 LTS (xenial) - medium.
Description:The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2016-10148
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND wordpress package in xenial is affected and needs fixing.
    • BACK