VDB

DEBIAN-CVE-2023-2745

DEBIAN-CVE-2023-2745 PUBLISHED CVSS 5.400000095367432 MEDIUM

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Debian:12wordpress*, 0, 0
Debian:14wordpress0
Debian:13wordpress0, 0, 0
Debian:11wordpress5.7.5+dfsg1-0+deb11u1, 5.7.8+dfsg1-0+deb11u1, *

Exploit Intelligence

Timeline

  • May 17, 2023 CVE Published
  • May 7, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›