Lucene search

K
cvelistWordfenceCVELIST:CVE-2023-2745
HistoryMay 17, 2023 - 8:36 a.m.

CVE-2023-2745

2023-05-1708:36:44
Wordfence
www.cve.org
wordpress core
vulnerability
directory traversal
wp_lang parameter
arbitrary file access
cross-site scripting

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

CNA Affected

[
  {
    "vendor": "WordPress Foundation",
    "product": "WordPress",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.1",
        "versionType": "semver"
      },
      {
        "version": "4.1",
        "status": "affected",
        "lessThan": "4.1.38",
        "versionType": "semver"
      },
      {
        "version": "4.2",
        "status": "affected",
        "lessThan": "4.2.35",
        "versionType": "semver"
      },
      {
        "version": "4.3",
        "status": "affected",
        "lessThan": "4.3.31",
        "versionType": "semver"
      },
      {
        "version": "4.4",
        "status": "affected",
        "lessThan": "4.4.30",
        "versionType": "semver"
      },
      {
        "version": "4.5",
        "status": "affected",
        "lessThan": "4.5.29",
        "versionType": "semver"
      },
      {
        "version": "4.6",
        "status": "affected",
        "lessThan": "4.6.26",
        "versionType": "semver"
      },
      {
        "version": "4.7",
        "status": "affected",
        "lessThan": "4.7.26",
        "versionType": "semver"
      },
      {
        "version": "4.8",
        "status": "affected",
        "lessThan": "4.8.22",
        "versionType": "semver"
      },
      {
        "version": "4.9",
        "status": "affected",
        "lessThan": "4.9.23",
        "versionType": "semver"
      },
      {
        "version": "5.0",
        "status": "affected",
        "lessThan": "5.0.19",
        "versionType": "semver"
      },
      {
        "version": "5.1",
        "status": "affected",
        "lessThan": "5.1.16",
        "versionType": "semver"
      },
      {
        "version": "5.2",
        "status": "affected",
        "lessThan": "5.2.18",
        "versionType": "semver"
      },
      {
        "version": "5.3",
        "status": "affected",
        "lessThan": "5.3.15",
        "versionType": "semver"
      },
      {
        "version": "5.4",
        "status": "affected",
        "lessThan": "5.4.13",
        "versionType": "semver"
      },
      {
        "version": "5.5",
        "status": "affected",
        "lessThan": "5.5.12",
        "versionType": "semver"
      },
      {
        "version": "5.6",
        "status": "affected",
        "lessThan": "5.6.11",
        "versionType": "semver"
      },
      {
        "version": "5.7",
        "status": "affected",
        "lessThan": "5.7.9",
        "versionType": "semver"
      },
      {
        "version": "5.8",
        "status": "affected",
        "lessThan": "5.8.7",
        "versionType": "semver"
      },
      {
        "version": "5.9",
        "status": "affected",
        "lessThan": "5.9.6",
        "versionType": "semver"
      },
      {
        "version": "6.0",
        "status": "affected",
        "lessThan": "6.0.4",
        "versionType": "semver"
      },
      {
        "version": "6.1",
        "status": "affected",
        "lessThan": "6.1.2",
        "versionType": "semver"
      },
      {
        "version": "6.2",
        "status": "affected",
        "lessThan": "6.2.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%