CVE-2023-2745

Summary

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

Affected Software

VendorProductVersion RangeStatus
WordPress FoundationWordPress0 < 4.1.38affected
WordPress FoundationWordPress4.2 < 4.2.35affected
WordPress FoundationWordPress4.3 < 4.3.31affected
WordPress FoundationWordPress4.4 < 4.4.30affected
WordPress FoundationWordPress4.5 < 4.5.29affected
WordPress FoundationWordPress4.6 < 4.6.26affected
WordPress FoundationWordPress4.7 < 4.7.26affected
WordPress FoundationWordPress4.8 < 4.8.22affected
WordPress FoundationWordPress4.9 < 4.9.23affected
WordPress FoundationWordPress5.0 < 5.0.19affected
WordPress FoundationWordPress5.1 < 5.1.16affected
WordPress FoundationWordPress5.2 < 5.2.18affected
WordPress FoundationWordPress5.3 < 5.3.15affected
WordPress FoundationWordPress5.4 < 5.4.13affected
WordPress FoundationWordPress5.5 < 5.5.12affected
WordPress FoundationWordPress5.6 < 5.6.11affected
WordPress FoundationWordPress5.7 < 5.7.9affected
WordPress FoundationWordPress5.8 < 5.8.7affected
WordPress FoundationWordPress5.9 < 5.9.6affected
WordPress FoundationWordPress6.0 < 6.0.4affected
WordPress FoundationWordPress6.1 < 6.1.2affected
WordPress FoundationWordPress6.2 < 6.2.1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References