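WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack. The version ranges below give the fixed release for each release branch through 6.1 and record 6.2 as the last affected version, so check an installation against the entry for its own branch rather than against 6.2 alone.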
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "4.1.38"
},
{
"introduced": "4.2"
},
{
"fixed": "4.2.35"
},
{
"introduced": "4.3"
},
{
"fixed": "4.3.31"
},
{
"introduced": "4.4"
},
{
"fixed": "4.4.30"
},
{
"introduced": "4.5"
},
{
"fixed": "4.5.29"
},
{
"introduced": "4.6"
},
{
"fixed": "4.6.26"
},
{
"introduced": "4.7"
},
{
"fixed": "4.7.26"
},
{
"introduced": "4.8"
},
{
"fixed": "4.8.22"
},
{
"introduced": "4.9"
},
{
"fixed": "4.9.23"
},
{
"introduced": "5.0"
},
{
"fixed": "5.0.19"
},
{
"introduced": "5.1"
},
{
"fixed": "5.1.16"
},
{
"introduced": "5.2"
},
{
"fixed": "5.2.18"
},
{
"introduced": "5.3"
},
{
"fixed": "5.3.15"
},
{
"introduced": "5.4"
},
{
"fixed": "5.4.13"
},
{
"introduced": "5.5"
},
{
"fixed": "5.5.12"
},
{
"introduced": "5.6"
},
{
"fixed": "5.6.11"
},
{
"introduced": "5.7"
},
{
"fixed": "5.7.9"
},
{
"introduced": "5.8"
},
{
"fixed": "5.8.7"
},
{
"introduced": "5.9"
},
{
"fixed": "5.9.6"
},
{
"introduced": "6.0"
},
{
"fixed": "6.0.4"
},
{
"introduced": "6.1"
},
{
"fixed": "6.1.2"
},
{
"introduced": "0"
},
{
"last_affected": "6.2"
}
]
}