PT-2023-21137 · WordPress · Wordpress
Matt Rusnak +2 · Published 2023-05-17 · Updated 2024-05-08 · CVE-2023-2745
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress Core versions up to, and including, 6.2
Description
The issue allows unauthenticated attackers to access and load arbitrary translation files via the wp_lang parameter, potentially leading to a Cross-Site Scripting attack if a crafted translation file is uploaded to the site.
Recommendations
For WordPress Core versions up to, and including, 6.2, consider restricting access to the wp_lang parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using upload forms that could allow attackers to upload crafted translation files.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress
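
The Recommendations above suggest restricting the wp_lang parameter. As an added example (not code from WordPress or from this advisory), the Python below scans access-log lines for wp_lang values that are not plain locale codes. The locale allowlist pattern, the combined log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed shape of a locale code (en_US, pt_BR, de_DE_formal). This allowlist
# is an assumption of this example, not WordPress's own validation.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:_[A-Za-z0-9]+){0,2}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def wp_lang_values(url):
    """Return every wp_lang value in the URL's query string, fully decoded."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [fully_decode(v) for k, v in pairs if k == "wp_lang"]

def is_suspicious(value):
    """True when the value is anything other than a plain locale code."""
    return LOCALE_RE.fullmatch(value) is None

def scan(lines):
    """Yield (line_number, value) for each wp_lang value failing the allowlist."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        for value in wp_lang_values(match.group(1)):
            if is_suspicious(value):
                yield number, value

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2023:10:00:01 +0000] "GET /?wp_lang=pt_BR HTTP/1.1" 200 5123',
    '192.0.2.44 - - [17/May/2023:10:00:07 +0000] "GET /?wp_lang=..%2F..%2Fx HTTP/1.1" 200 5123',
    '192.0.2.44 - - [17/May/2023:10:00:09 +0000] "GET /?wp_lang=%252e%252e%252fx HTTP/1.1" 200 5123',
    '192.0.2.10 - - [17/May/2023:10:00:12 +0000] "GET /?s=wp_lang HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious wp_lang value {value!r}")
```

The same allowlist can back a request filter in front of the site, so that any wp_lang value failing it is rejected before it reaches WordPress.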