CVE-2023-2745

Published May 17, 2023

Last updated a year ago

CVSS medium 5.4

Overview

Description: WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
Source: security@wordfence.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72FEE686-296A-4EEF-8EC7-70F19B2ECC8D",
            "versionEndExcluding": "4.1.38"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE814729-9FD8-41E7-8AA5-F123A79833B9",
            "versionEndExcluding": "4.2.35",
            "versionStartIncluding": "4.2"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99259AB0-B175-402A-A186-C266EE088033",
            "versionEndExcluding": "4.3.31",
            "versionStartIncluding": "4.3"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19A06A3E-A938-49B7-914A-F970198B583A",
            "versionEndExcluding": "4.4.30",
            "versionStartIncluding": "4.4"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CA38BB9-8B35-478E-9E39-319DF67C35CD",
            "versionEndExcluding": "4.5.29",
            "versionStartIncluding": "4.5"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCA4F837-593D-4AFD-9D1B-EF610FEC5FF8",
            "versionEndExcluding": "4.6.26",
            "versionStartIncluding": "4.6"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A4ADD5E-F7DF-4407-88F9-EA01E6F06527",
            "versionEndExcluding": "4.7.26",
            "versionStartIncluding": "4.7"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B5A5147-A542-4F16-9EBD-2038CAF052E5",
            "versionEndExcluding": "4.8.22",
            "versionStartIncluding": "4.8"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79324121-3888-4546-B9C2-24086AED5DC0",
            "versionEndExcluding": "4.9.23",
            "versionStartIncluding": "4.9"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0EE2796-CF56-4ECA-B789-43A1F84D0584",
            "versionEndExcluding": "5.0.19",
            "versionStartIncluding": "5.0"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6518C0C4-8879-4E08-87A1-670AC86286B1",
            "versionEndExcluding": "5.1.16",
            "versionStartIncluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0217196-8093-4802-887B-CB32D0269913",
            "versionEndExcluding": "5.2.18",
            "versionStartIncluding": "5.2"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A76E2C9-E081-46B3-9089-98C5EE1CBE88",
            "versionEndExcluding": "5.3.15",
            "versionStartIncluding": "5.3"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8290086D-12BE-46E5-97E3-8616609C73A6",
            "versionEndExcluding": "5.4.13",
            "versionStartIncluding": "5.4"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64A76DFC-7B9A-420F-B893-BCC2E82E0804",
            "versionEndExcluding": "5.5.12",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2D5BDD5-1808-4C63-8114-352A8D46E3B2",
            "versionEndExcluding": "5.6.11",
            "versionStartIncluding": "5.6"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69562325-CEA6-478E-9938-FA173578F280",
            "versionEndExcluding": "5.7.9",
            "versionStartIncluding": "5.7"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62FEB36C-296F-40FB-B061-05104C1355F9",
            "versionEndExcluding": "5.8.7",
            "versionStartIncluding": "5.8"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C9F371A-3573-4253-95B1-235B50414A69",
            "versionEndExcluding": "5.9.6",
            "versionStartIncluding": "5.9"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80D8EF2C-5074-4655-A093-7B2715584219",
            "versionEndExcluding": "6.0.4",
            "versionStartIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77A2C30C-AFD4-4EE9-B7C8-7380A79BDE8B",
            "versionEndExcluding": "6.1.2",
            "versionStartIncluding": "6.1"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE62E493-0231-4BBE-BC6B-8A9F153C6B04"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References