nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_113914
History: May 17, 2023 - 12:00 a.m.

WordPress 4.5.x < 4.5.29 Multiple Vulnerabilities

2023-05-17 00:00:00
www.tenable.com

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:

  • A directory traversal via wp_lang. (CVE-2023-2745)

  • A Cross-Site Request Forgery (CSRF) via wp_ajax_set_attachment_thumbnail.

  • An authenticated stored Cross-Site Scripting (XSS) via embed discovery functionality.

  • Insufficient sanitization of block attributes.

  • Shortcode execution in user-generated content.

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

Vendor     Product    Version  CPE
wordpress  wordpress  *        cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*