CVE-2023-2745
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack.
We have discovered 1,188,209 live websites that are affected by CVE-2023-2745.
Affected Software
| | |
|---|---|
| Product | WordPress |
| Category | Content Management System |
| Vulnerable Versions | from 0 through 4.1; from 4.1 before 4.1.38; from 4.2 before 4.2.35; from 4.3 before 4.3.31; from 4.4 before 4.4.30; from 4.5 before 4.5.29; from 4.6 before 4.6.26; from 4.7 before 4.7.26; from 4.8 before 4.8.22; from 4.9 before 4.9.23; from 5 before 5.0.19; from 5.1 before 5.1.16; from 5.2 before 5.2.18; from 5.3 before 5.3.15; from 5.4 before 5.4.13; from 5.5 before 5.5.12; from 5.6 before 5.6.11; from 5.7 before 5.7.9; from 5.8 before 5.8.7; from 5.9 before 5.9.6; from 6 before 6.0.4; from 6.1 before 6.1.2; from 6.2 before 6.2.1 |
| Total Vulnerable Versions | 781 |
| Vulnerable Domains | 1,188,209 live websites (10.42% of WordPress install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-2745 and the relative popularity of websites