Cross site scripting

2023-05-1709:15:00

PRIOn knowledge base

www.prio-n.com

201

wordpress

core

vulnerability

directory traversal

arbitrary

translation

files

unauthenticated access

cross-site scripting

0.003 Low

EPSS

Percentile

69.9%

JSON

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

CPENameOperatorVersion
wordpresseq6.2
wordpressge6.1
wordpresslt6.1.2
wordpressge6.0
wordpresslt6.0.4
wordpressge5.9
wordpresslt5.9.6
wordpressge5.8
wordpresslt5.8.7
wordpressge5.6