WordPress Core wp attached file Post Edit Directory Traversal

The strikes emulates a path traversal attack on WordPress CMS platform. The attack can be carried by a low privileged user by providing a wp attached file parameter when editing media files, thus modifying post metadata. By leveraging this vulnerability with a local file inclusion exploit, an attacker may gain code execution on the host system.