PT-2024-37527 · Microsoft · Windows

Published

2024-06-25

Updated

2024-06-25

CVE-2024-6306

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: WordPress Core versions up to 6.5.5

Description: The issue allows authenticated attackers with Contributor-level access and above to include arbitrary HTML files on sites running Windows due to a Directory Traversal vulnerability via the Template Part block.

Recommendations: For versions up to 6.5.5, update to a version that contains a fix for this issue to prevent exploitation.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2024-6306

Affected Products

Windows

PT-2024-37527 · Microsoft · Windows

CVE-2024-6306

Related Identifiers

Affected Products

References · 2