2023-05-17 09:16:57 +00:00
{
"id" : "CVE-2023-2745" ,
"sourceIdentifier" : "security@wordfence.com" ,
"published" : "2023-05-17T09:15:10.303" ,
2023-05-26 04:00:30 +00:00
"lastModified" : "2023-05-26T02:20:47.080" ,
"vulnStatus" : "Analyzed" ,
2023-05-17 09:16:57 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the \u2018wp_lang\u2019 parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack."
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-05-26 04:00:30 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
} ,
2023-05-17 09:16:57 +00:00
{
"source" : "security@wordfence.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.4 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.2 ,
"impactScore" : 2.7
}
]
} ,
"weaknesses" : [
2023-05-26 04:00:30 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-22"
}
]
} ,
2023-05-17 09:16:57 +00:00
{
"source" : "security@wordfence.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-22"
}
]
}
] ,
2023-05-26 04:00:30 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.38" ,
"matchCriteriaId" : "72FEE686-296A-4EEF-8EC7-70F19B2ECC8D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.2" ,
"versionEndExcluding" : "4.2.35" ,
"matchCriteriaId" : "FE814729-9FD8-41E7-8AA5-F123A79833B9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.3" ,
"versionEndExcluding" : "4.3.31" ,
"matchCriteriaId" : "99259AB0-B175-402A-A186-C266EE088033"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.4" ,
"versionEndExcluding" : "4.4.30" ,
"matchCriteriaId" : "19A06A3E-A938-49B7-914A-F970198B583A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.5" ,
"versionEndExcluding" : "4.5.29" ,
"matchCriteriaId" : "9CA38BB9-8B35-478E-9E39-319DF67C35CD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.6" ,
"versionEndExcluding" : "4.6.26" ,
"matchCriteriaId" : "CCA4F837-593D-4AFD-9D1B-EF610FEC5FF8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.7" ,
"versionEndExcluding" : "4.7.26" ,
"matchCriteriaId" : "3A4ADD5E-F7DF-4407-88F9-EA01E6F06527"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.8" ,
"versionEndExcluding" : "4.8.22" ,
"matchCriteriaId" : "0B5A5147-A542-4F16-9EBD-2038CAF052E5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.9" ,
"versionEndExcluding" : "4.9.23" ,
"matchCriteriaId" : "79324121-3888-4546-B9C2-24086AED5DC0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.0" ,
"versionEndExcluding" : "5.0.19" ,
"matchCriteriaId" : "F0EE2796-CF56-4ECA-B789-43A1F84D0584"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.1" ,
"versionEndExcluding" : "5.1.16" ,
"matchCriteriaId" : "6518C0C4-8879-4E08-87A1-670AC86286B1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.2" ,
"versionEndExcluding" : "5.2.18" ,
"matchCriteriaId" : "F0217196-8093-4802-887B-CB32D0269913"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.3" ,
"versionEndExcluding" : "5.3.15" ,
"matchCriteriaId" : "6A76E2C9-E081-46B3-9089-98C5EE1CBE88"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.4" ,
"versionEndExcluding" : "5.4.13" ,
"matchCriteriaId" : "8290086D-12BE-46E5-97E3-8616609C73A6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndExcluding" : "5.5.12" ,
"matchCriteriaId" : "64A76DFC-7B9A-420F-B893-BCC2E82E0804"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.6" ,
"versionEndExcluding" : "5.6.11" ,
"matchCriteriaId" : "A2D5BDD5-1808-4C63-8114-352A8D46E3B2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.7" ,
"versionEndExcluding" : "5.7.9" ,
"matchCriteriaId" : "69562325-CEA6-478E-9938-FA173578F280"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.8" ,
"versionEndExcluding" : "5.8.7" ,
"matchCriteriaId" : "62FEB36C-296F-40FB-B061-05104C1355F9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.9" ,
"versionEndExcluding" : "5.9.6" ,
"matchCriteriaId" : "4C9F371A-3573-4253-95B1-235B50414A69"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.0" ,
"versionEndExcluding" : "6.0.4" ,
"matchCriteriaId" : "80D8EF2C-5074-4655-A093-7B2715584219"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.1" ,
"versionEndExcluding" : "6.1.2" ,
"matchCriteriaId" : "77A2C30C-AFD4-4EE9-B7C8-7380A79BDE8B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:6.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE62E493-0231-4BBE-BC6B-8A9F153C6B04"
}
]
}
]
}
] ,
2023-05-17 09:16:57 +00:00
"references" : [
2023-05-17 18:00:39 +00:00
{
"url" : "http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html" ,
2023-05-26 04:00:30 +00:00
"source" : "security@wordfence.com" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
2023-05-17 18:00:39 +00:00
} ,
2023-05-17 09:16:57 +00:00
{
"url" : "https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=55765%40%2F&new=55765%40%2F&sfp_email=&sfph_mail=" ,
2023-05-26 04:00:30 +00:00
"source" : "security@wordfence.com" ,
"tags" : [
"Patch"
]
2023-05-17 09:16:57 +00:00
} ,
{
"url" : "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/" ,
2023-05-26 04:00:30 +00:00
"source" : "security@wordfence.com" ,
"tags" : [
"Release Notes"
]
2023-05-17 09:16:57 +00:00
} ,
{
"url" : "https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve" ,
2023-05-26 04:00:30 +00:00
"source" : "security@wordfence.com" ,
"tags" : [
"Third Party Advisory"
]
2023-05-17 09:16:57 +00:00
}
]
}