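WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack. The fix was released separately for each release branch, as the version ranges below show (for example, 6.2.1 for the 6.2 branch and 4.1.38 for the oldest listed branch), so an installation should be checked against the fixed version of its own branch rather than only against 6.2.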
{
"cna_assigner": "Wordfence",
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"fixed": "4.1.38"
},
{
"introduced": "4.2"
},
{
"fixed": "4.2.35"
},
{
"introduced": "4.3"
},
{
"fixed": "4.3.31"
},
{
"introduced": "4.4"
},
{
"fixed": "4.4.30"
},
{
"introduced": "4.5"
},
{
"fixed": "4.5.29"
},
{
"introduced": "4.6"
},
{
"fixed": "4.6.26"
},
{
"introduced": "4.7"
},
{
"fixed": "4.7.26"
},
{
"introduced": "4.8"
},
{
"fixed": "4.8.22"
},
{
"introduced": "4.9"
},
{
"fixed": "4.9.23"
},
{
"introduced": "5.0"
},
{
"fixed": "5.0.19"
},
{
"introduced": "5.1"
},
{
"fixed": "5.1.16"
},
{
"introduced": "5.2"
},
{
"fixed": "5.2.18"
},
{
"introduced": "5.3"
},
{
"fixed": "5.3.15"
},
{
"introduced": "5.4"
},
{
"fixed": "5.4.13"
},
{
"introduced": "5.5"
},
{
"fixed": "5.5.12"
},
{
"introduced": "5.6"
},
{
"fixed": "5.6.11"
},
{
"introduced": "5.7"
},
{
"fixed": "5.7.9"
},
{
"introduced": "5.8"
},
{
"fixed": "5.8.7"
},
{
"introduced": "5.9"
},
{
"fixed": "5.9.6"
},
{
"introduced": "6.0"
},
{
"fixed": "6.0.4"
},
{
"introduced": "6.1"
},
{
"fixed": "6.1.2"
},
{
"introduced": "6.2"
},
{
"fixed": "6.2.1"
}
]
}
],
"cwe_ids": [
"CWE-22"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/2xxx/CVE-2023-2745.json"
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.1.38"
},
{
"last_affected": "6.2"
},
{
"introduced": "4.2"
},
{
"fixed": "4.2.35"
},
{
"introduced": "4.3"
},
{
"fixed": "4.3.31"
},
{
"introduced": "4.4"
},
{
"fixed": "4.4.30"
},
{
"introduced": "4.5"
},
{
"fixed": "4.5.29"
},
{
"introduced": "4.6"
},
{
"fixed": "4.6.26"
},
{
"introduced": "4.7"
},
{
"fixed": "4.7.26"
},
{
"introduced": "4.8"
},
{
"fixed": "4.8.22"
},
{
"introduced": "4.9"
},
{
"fixed": "4.9.23"
},
{
"introduced": "5.0"
},
{
"fixed": "5.0.19"
},
{
"introduced": "5.1"
},
{
"fixed": "5.1.16"
},
{
"introduced": "5.2"
},
{
"fixed": "5.2.18"
},
{
"introduced": "5.3"
},
{
"fixed": "5.3.15"
},
{
"introduced": "5.4"
},
{
"fixed": "5.4.13"
},
{
"introduced": "5.5"
},
{
"fixed": "5.5.12"
},
{
"introduced": "5.6"
},
{
"fixed": "5.6.11"
},
{
"introduced": "5.7"
},
{
"fixed": "5.7.9"
},
{
"introduced": "5.8"
},
{
"fixed": "5.8.7"
},
{
"introduced": "5.9"
},
{
"fixed": "5.9.6"
},
{
"introduced": "6.0"
},
{
"fixed": "6.0.4"
},
{
"introduced": "6.1"
},
{
"fixed": "6.1.2"
}
],
"cpe": [
"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"cpe:2.3:a:wordpress:wordpress:6.2:*:*:*:*:*:*:*"
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.1.38"
},
{
"last_affected": "6.2"
},
{
"introduced": "4.2"
},
{
"fixed": "4.2.35"
},
{
"introduced": "4.3"
},
{
"fixed": "4.3.31"
},
{
"introduced": "4.4"
},
{
"fixed": "4.4.30"
},
{
"introduced": "4.5"
},
{
"fixed": "4.5.29"
},
{
"introduced": "4.6"
},
{
"fixed": "4.6.26"
},
{
"introduced": "4.7"
},
{
"fixed": "4.7.26"
},
{
"introduced": "4.8"
},
{
"fixed": "4.8.22"
},
{
"introduced": "4.9"
},
{
"fixed": "4.9.23"
},
{
"introduced": "5.0"
},
{
"fixed": "5.0.19"
},
{
"introduced": "5.1"
},
{
"fixed": "5.1.16"
},
{
"introduced": "5.2"
},
{
"fixed": "5.2.18"
},
{
"introduced": "5.3"
},
{
"fixed": "5.3.15"
},
{
"introduced": "5.4"
},
{
"fixed": "5.4.13"
},
{
"introduced": "5.5"
},
{
"fixed": "5.5.12"
},
{
"introduced": "5.6"
},
{
"fixed": "5.6.11"
},
{
"introduced": "5.7"
},
{
"fixed": "5.7.9"
},
{
"introduced": "5.8"
},
{
"fixed": "5.8.7"
},
{
"introduced": "5.9"
},
{
"fixed": "5.9.6"
},
{
"introduced": "6.0"
},
{
"fixed": "6.0.4"
},
{
"introduced": "6.1"
},
{
"fixed": "6.1.2"
}
],
"cpe": [
"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"cpe:2.3:a:wordpress:wordpress:6.2:*:*:*:*:*:*:*"
]
}