VDB
CVE-2023-2745
CVE-2023-2745
PUBLISHED
CVSS 8.5 HIGH
WordPress Core < 6.2.1 - Directory Traversal
EPSS 79.28% · 99.1th percentile
Risk Scores
CVSS v4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
79.28%
99.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | wordpress | 4.3.0, 4.4.0, 4.5.0 |
| Bitnami | wordpress-multisite | 4.4.0, 0, 4.2.0 |
| Bitnami | wordpress | 4.6.0, 4.7.0, 4.8.0 |
| Bitnami | wordpress-multisite | 5.8.0, 0, 4.3.0 |
Timeline
- May 16, 2023 CVE Published
- May 17, 2023 PoC Published
- May 18, 2023 EPSS Score
- May 19, 2023 PoC Published
- Jun 15, 2024 PoC Published
- Aug 10, 2024 Nuclei Template
- Aug 10, 2024 Fix Commit
- Mar 17, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
References
- http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html url
- https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=55765%40%2F&new=55765%40%2F&sfp_email=&sfph_mail= url
- https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html url
- https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/ url
- https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve url
- https://nvd.nist.gov/vuln/detail/CVE-2023-2745 url
- https://www.exploit-db.com/exploits/52274 url
- https://www.wordfence.com/blog/2023/05/wordpress-core-6-2-1-security-maintenance-release-what-you-need-to-know/ url