File Access Vulnerability in Advanced Ajax Page Loader for WordPress
CVE-2016-10929

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Advanced Ajax Page Loader
Vendor: CVE Published:; 22 August 2019

What is CVE-2016-10929?

The Advanced Ajax Page Loader plugin for WordPress prior to version 2.7.7 is susceptible to a file access vulnerability that allows unauthorized users to read uploaded files. This occurs when a user is not logged in, creating a significant risk of information exposure. Website administrators using this plugin should ensure they are running the latest version to mitigate potential threats.

References

https://wordpress.org/plugins/advanced-ajax-page-loader/#...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2019
Vulnerability Reserved
Aug 21, 2019

Wordpress

What is CVE-2016-10929?

References

CVSS V3.1

Timeline