Intrusion Prevention

WordPress.wp_crop_image.Path.Traversal

Description

This indicates an attack attempt to exploit a Directory Traversal vulnerability in WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. Successful attacks may allow a remote attackers to use a specially crafted request with directory-traversal sequences to retrieve sensitive information.

Affected Products

WordPress 5.0.3 and prior versions.

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply patch if available from the vendor's website.
https://en-ca.wordpress.org/download/

CVE References

CVE-2019-8943