nvd-json-data-feeds/CVE-2024/CVE-2024-321xx/CVE-2024-32111.json

{
  "id": "CVE-2024-32111",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2024-06-25T14:15:11.630",
  "lastModified": "2024-06-25T18:50:42.040",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40."
    },
    {
      "lang": "es",
      "value": "La limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"Path Traversal\") en Automattic WordPress permite un Path Traversal relativo. Este problema afecta a WordPress: de 6.5 a 6.5.4, de 6.4 a 6.4.4, de 6.3 a 6.3.4, de 6.2 a 6.2.5, de 6.1 a 6.1.6, de 6.0 a 6.0.8, de 5.9 a 5.9.9, de 5.8 a 5.8.9, de 5.7 a 5.7.11, de 5.6 a 5.6.13, de 5.5 al 5.5.14, del 5.4 al 5.4.15, del 5.3 al 5.3.17, del 5.2 al 5.2.20, del 5.1 al 5.1.18, del 5.0 al 5.0.21, del 4.9 al 4.9.25, del 4.8 hasta 4.8.24, desde 4.7 hasta 4.7.28, desde 4.6 hasta 4.6.28, desde 4.5 hasta 4.5.31, desde 4.4 hasta 4.4.32, desde 4.3 hasta 4.3.33, desde 4.2 hasta 4.2.37, desde 4.1 hasta 4.1.40."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "audit@patchstack.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-5-5-contributor-arbitrary-html-file-read-windows-only-vulnerability?_s_id=cve",
      "source": "audit@patchstack.com"
    },
    {
      "url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/",
      "source": "audit@patchstack.com"
    }
  ]
}