Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2023-2745 First vendor Publication 2023-05-17
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2745

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 698

Sources (Detail)

http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Direc...
https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&repon...
https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html
https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Date Informations
2024-11-28 14:23:31
  • Multiple Updates
2024-08-02 13:47:01
  • Multiple Updates
2024-08-02 01:32:34
  • Multiple Updates
2024-02-02 02:44:17
  • Multiple Updates
2024-02-01 12:29:40
  • Multiple Updates
2023-11-10 02:35:48
  • Multiple Updates
2023-11-10 02:30:28
  • Multiple Updates
2023-11-09 17:28:58
  • Multiple Updates
2023-11-07 21:28:59
  • Multiple Updates
2023-09-05 13:39:45
  • Multiple Updates
2023-09-05 01:28:53
  • Multiple Updates
2023-09-02 13:37:58
  • Multiple Updates
2023-09-02 01:29:22
  • Multiple Updates
2023-08-12 13:43:24
  • Multiple Updates
2023-08-12 01:28:37
  • Multiple Updates
2023-08-11 13:34:42
  • Multiple Updates
2023-08-11 01:29:29
  • Multiple Updates
2023-08-06 13:31:59
  • Multiple Updates
2023-08-06 01:28:15
  • Multiple Updates
2023-08-04 13:32:27
  • Multiple Updates
2023-08-04 01:28:38
  • Multiple Updates
2023-07-14 13:32:13
  • Multiple Updates
2023-07-14 01:28:15
  • Multiple Updates
2023-06-21 09:27:38
  • Multiple Updates
2023-05-31 00:27:26
  • Multiple Updates
2023-05-30 21:26:44
  • Multiple Updates
2023-05-26 09:27:28
  • Multiple Updates
2023-05-17 21:27:18
  • Multiple Updates
2023-05-17 17:27:18
  • Multiple Updates
2023-05-17 13:27:33
  • First insertion