Veracode Vulnerability Database, VERACODE:40586
May 18, 2023 - 8:40 a.m.

Directory Traversal

2023-05-18 08:40:21
sca.analysiscenter.veracode.com
wordpress
directory traversal
vulnerability
unauthenticated access
arbitrary scripts
file access restrictions
determine_locale function
wp_lang parameter

EPSS: 0.003 (Low), percentile 69.9%

johnpbloch/wordpress-core is vulnerable to Directory Traversal. The vulnerability exists in the determine_locale function via the wp_lang parameter. Because file access restrictions are missing, an unauthenticated attacker can access and load arbitrary translation files and inject and execute arbitrary scripts.
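
The class of check that is missing here, as an added example (not WordPress core code and not the vendor's patch): a request-supplied locale is matched against an allowlist pattern and the resolved translation file is confirmed to sit inside the language directory. The function names, the locale pattern, the .mo file layout and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: names, pattern and directory layout are assumptions, not WordPress core code.

// Return the locale if it is a plain locale name, otherwise null.
function example_validate_locale($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. an array from ?wp_lang[]=x
    }
    // Allowlist such as "de", "de_DE", "de_DE_formal"; dots, slashes and NUL cannot match.
    if (preg_match('/\A[a-z]{2,3}(?:_[A-Za-z0-9]{2,10}){0,2}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Map a request-supplied locale to a translation file that must stay inside $langDir.
function example_translation_path(string $langDir, $rawLocale): ?string
{
    $locale = example_validate_locale($rawLocale);
    $base = realpath($langDir);
    if ($locale === null || $base === false) {
        return null;
    }
    $file = realpath($base . DIRECTORY_SEPARATOR . $locale . '.mo');
    // Second layer: the canonical path must still sit under the language directory.
    if ($file === false || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed sample inputs, run against a throwaway directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'example_lang_' . getmypid();
is_dir($dir) || mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . 'de_DE.mo');
foreach (['de_DE', 'fr_FR', '../de_DE', 'de_DE/../../x', "de_DE\0", ['de_DE']] as $input) {
    $shown = is_array($input) ? '(array)' : addcslashes($input, "\0");
    $path = example_translation_path($dir, $input);
    echo str_pad($shown, 16), ' => ', $path ?? 'null (nothing loaded)', "\n";
}
```

Only de_DE resolves to a file; fr_FR passes the pattern but has no file in the directory, and every other input fails the allowlist before any path is built.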