CVE-2023-2745

WordPress Core < 6.2.1 - Directory Traversal

CVSS 5.4 MEDIUMEPSS 79.5%CWE-22

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected products

WordPress Foundation · WordPress

public PoCs found — 3

githubgithub.com/fofovicfof-ai/cve-2023-2745★ 0 cve_referencepacketstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.htmlunverified cve_referencewww.exploit-db.com/exploits/52274unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=55765%40%2F&new=55765%40%2F&sfp_email=&sfph_mail=https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/https://www.exploit-db.com/exploits/52274 https://www.wordfence.com/blog/2023/05/wordpress-core-6-2-1-security-maintenance-release-what-you-need-to-know/https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve