WordPress Core 6.2 Unauthenticated Directory Traversal via wp_lang Parameter
CVE-2023-2745 Published on May 17, 2023
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the wp_lang parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack.
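A defender-side check for the issue described above, added here as an example and not code from the advisory or from WordPress itself: it scans constructed access-log lines for wp_lang values that are not a plain locale code. The locale pattern and the log format are assumptions; WordPress's own validation is not reproduced here.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed shape of a legitimate locale (en_US, pt_BR, de_DE_formal):
# letters and underscores only, so any path separator or ".." is rejected.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:_[A-Za-z]{2,8})*")

# Common-log-format request line, e.g. "GET /wp-login.php?wp_lang=en_US HTTP/1.1"
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_safe_wp_lang(value):
    """True only if the value, after full percent-decoding, is a bare locale code."""
    decoded = value
    for _ in range(3):  # peel repeated encodings (%252e -> %2e -> .)
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return LOCALE_RE.fullmatch(decoded) is not None


def wp_lang_values(request_target):
    """All wp_lang values in the query string (parse_qs decodes one layer)."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get("wp_lang", [])


def scan_access_log(lines):
    """Return (request_target, decoded_wp_lang) for every non-locale wp_lang seen."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        for value in wp_lang_values(m.group(1)):
            if not is_safe_wp_lang(value):
                hits.append((m.group(1), value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/May/2023:10:00:01 +0000] "GET /wp-login.php?wp_lang=en_US HTTP/1.1" 200 1234',
    '203.0.113.5 - - [17/May/2023:10:00:02 +0000] "GET /wp-login.php?wp_lang=..%2F..%2Ftmp%2Fx HTTP/1.1" 200 1234',
    '203.0.113.6 - - [17/May/2023:10:00:03 +0000] "GET /wp-login.php?wp_lang=pt_BR&redirect_to=%2Fwp-admin%2F HTTP/1.1" 302 0',
    '203.0.113.7 - - [17/May/2023:10:00:04 +0000] "GET /?wp_lang=%252e%252e%252fx HTTP/1.1" 200 512',
    '203.0.113.8 - - [17/May/2023:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for target, value in scan_access_log(SAMPLE_LOG):
        print("suspicious wp_lang", repr(value), "in", target)
```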
Products Associated with CVE-2023-2745
Affected Versions
WordPress Foundation WordPress:
- Version *, <= 4.1 is affected.
- Versions from 4.1 up to (but not including) 4.1.38 are affected.
- Versions from 4.2 up to (but not including) 4.2.35 are affected.
- Versions from 4.3 up to (but not including) 4.3.31 are affected.
- Versions from 4.4 up to (but not including) 4.4.30 are affected.
- Versions from 4.5 up to (but not including) 4.5.29 are affected.
- Versions from 4.6 up to (but not including) 4.6.26 are affected.
- Versions from 4.7 up to (but not including) 4.7.26 are affected.
- Versions from 4.8 up to (but not including) 4.8.22 are affected.
- Versions from 4.9 up to (but not including) 4.9.23 are affected.
- Versions from 5.0 up to (but not including) 5.0.19 are affected.
- Versions from 5.1 up to (but not including) 5.1.16 are affected.
- Versions from 5.2 up to (but not including) 5.2.18 are affected.
- Versions from 5.3 up to (but not including) 5.3.15 are affected.
- Versions from 5.4 up to (but not including) 5.4.13 are affected.
- Versions from 5.5 up to (but not including) 5.5.12 are affected.
- Versions from 5.6 up to (but not including) 5.6.11 are affected.
- Versions from 5.7 up to (but not including) 5.7.9 are affected.
- Versions from 5.8 up to (but not including) 5.8.7 are affected.
- Versions from 5.9 up to (but not including) 5.9.6 are affected.
- Versions from 6.0 up to (but not including) 6.0.4 are affected.
- Versions from 6.1 up to (but not including) 6.1.2 are affected.
- Versions from 6.2 up to (but not including) 6.2.1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares to those of all other vulnerabilities.