CVE-2023-2745

CVSS V2 None CVSS V3 None

Description

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

Overview

CVE ID
CVE-2023-2745

Assigner
security@wordfence.com

Vulnerability Status
Received

Published Version
2023-05-17T09:15:10

Last Modified Date
2023-05-17T09:15:10

Weakness Enumerations

CWE	URL
CWE-22	http://cwe.mitre.org/data/definitions/22.html

References

Reference URL	Reference Tags
https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=55765%40%2F&new=55765%40%2F&sfp_email=&sfph_mail=
https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2745
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2745

History

Created	Old Value	New Value	Data Type	Notes
2023-05-17 10:00:32				Added to TrackCVE
2023-05-17 10:00:33			Weakness Enumeration	new