Lucene search

PatchstackVULNRICHMENT:CVE-2024-32111

HistoryJun 25, 2024 - 1:35 p.m.

CVE-2024-32111 WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability

2024-06-2513:35:45

CWE-22

Patchstack

github.com

wordpress

path traversal

vulnerability

windows

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.

CNA Affected

[
  {
    "vendor": "Automattic",
    "product": "WordPress",
    "versions": [
      {
        "status": "affected",
        "changes": [
          {
            "at": "6.5.5",
            "status": "unaffected"
          }
        ],
        "version": "6.5",
        "versionType": "custom",
        "lessThanOrEqual": "6.5.4"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "6.4.5",
            "status": "unaffected"
          }
        ],
        "version": "6.4",
        "versionType": "custom",
        "lessThanOrEqual": "6.4.4"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "6.3.5",
            "status": "unaffected"
          }
        ],
        "version": "6.3",
        "versionType": "custom",
        "lessThanOrEqual": "6.3.4"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "6.2.6",
            "status": "unaffected"
          }
        ],
        "version": "6.2",
        "versionType": "custom",
        "lessThanOrEqual": "6.2.5"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "6.1.7",
            "status": "unaffected"
          }
        ],
        "version": "6.1",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.6"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "6.0.9",
            "status": "unaffected"
          }
        ],
        "version": "6.0",
        "versionType": "custom",
        "lessThanOrEqual": "6.0.8"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.9.10",
            "status": "unaffected"
          }
        ],
        "version": "5.9",
        "versionType": "custom",
        "lessThanOrEqual": "5.9.9"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.8.10",
            "status": "unaffected"
          }
        ],
        "version": "5.8",
        "versionType": "custom",
        "lessThanOrEqual": "5.8.9"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.7.12",
            "status": "unaffected"
          }
        ],
        "version": "5.7",
        "versionType": "custom",
        "lessThanOrEqual": "5.7.11"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.6.14",
            "status": "unaffected"
          }
        ],
        "version": "5.6",
        "versionType": "custom",
        "lessThanOrEqual": "5.6.13"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.5.15",
            "status": "unaffected"
          }
        ],
        "version": "5.5",
        "versionType": "custom",
        "lessThanOrEqual": "5.5.14"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.4.16",
            "status": "unaffected"
          }
        ],
        "version": "5.4",
        "versionType": "custom",
        "lessThanOrEqual": "5.4.15"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.3.18",
            "status": "unaffected"
          }
        ],
        "version": "5.3",
        "versionType": "custom",
        "lessThanOrEqual": "5.3.17"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.2.21",
            "status": "unaffected"
          }
        ],
        "version": "5.2",
        "versionType": "custom",
        "lessThanOrEqual": "5.2.20"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.1.19",
            "status": "unaffected"
          }
        ],
        "version": "5.1",
        "versionType": "custom",
        "lessThanOrEqual": "5.1.18"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "5.0.22",
            "status": "unaffected"
          }
        ],
        "version": "5.0",
        "versionType": "custom",
        "lessThanOrEqual": "5.0.21"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.9.26",
            "status": "unaffected"
          }
        ],
        "version": "4.9",
        "versionType": "custom",
        "lessThanOrEqual": "4.9.25"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.8.25",
            "status": "unaffected"
          }
        ],
        "version": "4.8",
        "versionType": "custom",
        "lessThanOrEqual": "4.8.24"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.7.29",
            "status": "unaffected"
          }
        ],
        "version": "4.7",
        "versionType": "custom",
        "lessThanOrEqual": "4.7.28"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.6.29",
            "status": "unaffected"
          }
        ],
        "version": "4.6",
        "versionType": "custom",
        "lessThanOrEqual": "4.6.28"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.5.32",
            "status": "unaffected"
          }
        ],
        "version": "4.5",
        "versionType": "custom",
        "lessThanOrEqual": "4.5.31"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.4.33",
            "status": "unaffected"
          }
        ],
        "version": "4.4",
        "versionType": "custom",
        "lessThanOrEqual": "4.4.32"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.3.34",
            "status": "unaffected"
          }
        ],
        "version": "4.3",
        "versionType": "custom",
        "lessThanOrEqual": "4.3.33"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.2.38",
            "status": "unaffected"
          }
        ],
        "version": "4.2",
        "versionType": "custom",
        "lessThanOrEqual": "4.2.37"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "4.1.41",
            "status": "unaffected"
          }
        ],
        "version": "4.1",
        "versionType": "custom",
        "lessThanOrEqual": "4.1.40"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

patchstack.com/database/vulnerability/wordpress/wordpress-core-6-5-5-contributor-arbitrary-html-file-read-windows-only-vulnerability?_s_id=cve

wordpress.org/news/2024/06/wordpress-6-5-5/