Search criteria
7 vulnerabilities by WordPress Foundation
CVE-2022-4973 (GCVE-0-2022-4973)
Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2024-10-16 12:59
VLAI?
Summary
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WordPress Foundation | WordPress |
Affected:
* , ≤ 3.6.1
(semver)
Affected: 3.7 , ≤ 3.7.38 (semver) Affected: 3.8 , ≤ 3.8.38 (semver) Affected: 3.9 , ≤ 3.9.36 (semver) Affected: 4.0 , ≤ 4.0.35 (semver) Affected: 4.1 , ≤ 4.1.35 (semver) Affected: 4.2 , ≤ 4.2.32 (semver) Affected: 4.3 , ≤ 4.3.28 (semver) Affected: 4.4 , ≤ 4.4.27 (semver) Affected: 4.5 , ≤ 4.5.26 (semver) Affected: 4.6 , ≤ 4.6.23 (semver) Affected: 4.7 , ≤ 4.7.23 (semver) Affected: 4.8 , ≤ 4.8.19 (semver) Affected: 4.9 , ≤ 4.9.20 (semver) Affected: 5.0 , ≤ 5.0.16 (semver) Affected: 5.1 , ≤ 5.1.13 (semver) Affected: 5.2 , ≤ 5.2.15 (semver) Affected: 5.3 , ≤ 5.3.12 (semver) Affected: 5.4 , ≤ 5.4.10 (semver) Affected: 5.5 , ≤ 5.5.9 (semver) Affected: 5.6 , ≤ 5.6.8 (semver) Affected: 5.7 , ≤ 5.7.6 (semver) Affected: 5.8 , ≤ 5.8.4 (semver) Affected: 5.9 , ≤ 5.9.3 (semver) Affected: 6.0 , ≤ 6.0.1 (semver) |
Credits
John Blackbourn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T12:59:16.874933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T12:59:35.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WordPress",
"vendor": "WordPress Foundation",
"versions": [
{
"lessThanOrEqual": "3.6.1",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.7.38",
"status": "affected",
"version": "3.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.8.38",
"status": "affected",
"version": "3.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.9.36",
"status": "affected",
"version": "3.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.35",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.35",
"status": "affected",
"version": "4.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.32",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.28",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.27",
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.26",
"status": "affected",
"version": "4.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.23",
"status": "affected",
"version": "4.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.23",
"status": "affected",
"version": "4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.8.19",
"status": "affected",
"version": "4.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.20",
"status": "affected",
"version": "4.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.16",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.13",
"status": "affected",
"version": "5.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.15",
"status": "affected",
"version": "5.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.12",
"status": "affected",
"version": "5.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.10",
"status": "affected",
"version": "5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.9",
"status": "affected",
"version": "5.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.6.8",
"status": "affected",
"version": "5.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.7.6",
"status": "affected",
"version": "5.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.8.4",
"status": "affected",
"version": "5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.9.3",
"status": "affected",
"version": "5.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Blackbourn"
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:41.734Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=cve"
},
{
"url": "https://core.trac.wordpress.org/changeset/53961"
},
{
"url": "https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/"
},
{
"url": "https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WordPress Core \u003c 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-4973",
"datePublished": "2024-10-16T06:43:41.734Z",
"dateReserved": "2024-10-15T18:03:44.130Z",
"dateUpdated": "2024-10-16T12:59:35.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6307 (GCVE-0-2024-6307)
Vulnerability from cvelistv5 – Published: 2024-06-25 11:09 – Updated: 2024-08-01 21:33
VLAI?
Summary
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WordPress Foundation | WordPress |
Affected:
5.9 , ≤ 5.9.9
(semver)
Affected: 6.0 , ≤ 6.0.8 (semver) Affected: 6.1 , ≤ 6.1.6 (semver) Affected: 6.2 , ≤ 6.2.5 (semver) Affected: 6.3 , ≤ 6.3.4 (semver) Affected: 6.4 , ≤ 6.4.4 (semver) Affected: 6.5 , ≤ 6.5.4 (semver) |
Credits
Alex Concha
Dennis Snell
Grzegorz Ziółkowski
Aaron Jorbin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-06T03:09:30.446123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-06T03:10:01.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://core.trac.wordpress.org/changeset/58473"
},
{
"tags": [
"x_transferred"
],
"url": "https://core.trac.wordpress.org/changeset/58472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WordPress",
"vendor": "WordPress Foundation",
"versions": [
{
"lessThanOrEqual": "5.9.9",
"status": "affected",
"version": "5.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.8",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.5",
"status": "affected",
"version": "6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.4",
"status": "affected",
"version": "6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.4",
"status": "affected",
"version": "6.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Concha"
},
{
"lang": "en",
"type": "finder",
"value": "Dennis Snell"
},
{
"lang": "en",
"type": "finder",
"value": "Grzegorz Zi\u00f3\u0142kowski"
},
{
"lang": "en",
"type": "finder",
"value": "Aaron Jorbin"
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T12:28:10.199Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve"
},
{
"url": "https://wordpress.org/news/2024/06/wordpress-6-5-5/"
},
{
"url": "https://core.trac.wordpress.org/changeset/58473"
},
{
"url": "https://core.trac.wordpress.org/changeset/58472"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-24T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WordPress Core \u003c 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6307",
"datePublished": "2024-06-25T11:09:23.005Z",
"dateReserved": "2024-06-25T11:09:22.494Z",
"dateUpdated": "2024-08-01T21:33:05.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6306 (GCVE-0-2024-6306)
Vulnerability from cvelistv5 – Published: 2024-06-25 11:09 – Updated: 2024-06-25 17:01
VLAI?
**REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-32111.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-06-25T17:01:00.307Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"rejectedReasons": [
{
"lang": "en",
"value": "**REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-32111."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6306",
"datePublished": "2024-06-25T11:09:22.113Z",
"dateRejected": "2024-06-25T17:01:00.307Z",
"dateReserved": "2024-06-25T11:09:21.616Z",
"dateUpdated": "2024-06-25T17:01:00.307Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6305 (GCVE-0-2024-6305)
Vulnerability from cvelistv5 – Published: 2024-06-25 11:09 – Updated: 2024-06-25 16:59
VLAI?
**REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-31111.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-06-25T16:59:45.159Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"rejectedReasons": [
{
"lang": "en",
"value": "**REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-31111."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6305",
"datePublished": "2024-06-25T11:09:21.240Z",
"dateRejected": "2024-06-25T16:59:45.159Z",
"dateReserved": "2024-06-25T11:09:20.608Z",
"dateUpdated": "2024-06-25T16:59:45.159Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4439 (GCVE-0-2024-4439)
Vulnerability from cvelistv5 – Published: 2024-05-03 05:32 – Updated: 2024-08-01 20:40
VLAI?
Summary
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WordPress Foundation | WordPress |
Affected:
6.0 , ≤ 6.0.7
(semver)
Affected: 6.1 , ≤ 6.1.5 (semver) Affected: 6.2 , ≤ 6.2.4 (semver) Affected: 6.3 , ≤ 6.3.3 (semver) Affected: 6.4 , ≤ 6.4.3 (semver) Affected: 6.5 , ≤ 6.5.1 (semver) |
Credits
John Blackbourn
Matthew Rollings
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wordpress:wordpress:6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wordpress",
"vendor": "wordpress",
"versions": [
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T19:37:57.427844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:08.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/"
},
{
"tags": [
"x_transferred"
],
"url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=57950%40%2F\u0026new=57950%40%2F\u0026sfp_email=\u0026sfph_mail=#file3"
},
{
"tags": [
"x_transferred"
],
"url": "https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WordPress",
"vendor": "WordPress Foundation",
"versions": [
{
"lessThanOrEqual": "6.0.7",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.5",
"status": "affected",
"version": "6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Blackbourn"
},
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author\u0027s avatar."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T05:32:34.988Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=cve"
},
{
"url": "https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/"
},
{
"url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=57950%40%2F\u0026new=57950%40%2F\u0026sfp_email=\u0026sfph_mail=#file3"
},
{
"url": "https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php"
},
{
"url": "https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wordpress-core/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-09T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4439",
"datePublished": "2024-05-03T05:32:34.988Z",
"dateReserved": "2024-05-02T16:33:12.426Z",
"dateUpdated": "2024-08-01T20:40:47.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5692 (GCVE-0-2023-5692)
Vulnerability from cvelistv5 – Published: 2024-04-05 12:52 – Updated: 2024-08-02 08:07
VLAI?
Summary
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WordPress Foundation | WordPress |
Affected:
* , ≤ 6.4.3
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T13:58:59.450942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:42.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.wordpress.org/reference/functions/is_post_type_viewable/"
},
{
"tags": [
"x_transferred"
],
"url": "https://core.trac.wordpress.org/changeset/57645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WordPress",
"vendor": "WordPress Foundation",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose \u0027publicly_queryable\u0027 post status has been set to \u0027false\u0027."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T12:52:32.816Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve"
},
{
"url": "https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763"
},
{
"url": "https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/"
},
{
"url": "https://developer.wordpress.org/reference/functions/is_post_type_viewable/"
},
{
"url": "https://core.trac.wordpress.org/changeset/57645"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-04-04T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5692",
"datePublished": "2024-04-05T12:52:32.816Z",
"dateReserved": "2023-10-20T20:25:15.177Z",
"dateUpdated": "2024-08-02T08:07:32.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2745 (GCVE-0-2023-2745)
Vulnerability from cvelistv5 – Published: 2023-05-17 08:36 – Updated: 2025-04-24 18:22
VLAI?
Summary
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
Severity ?
5.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WordPress Foundation | WordPress |
Affected:
* , ≤ 4.1
(semver)
Affected: 4.1 , < 4.1.38 (semver) Affected: 4.2 , < 4.2.35 (semver) Affected: 4.3 , < 4.3.31 (semver) Affected: 4.4 , < 4.4.30 (semver) Affected: 4.5 , < 4.5.29 (semver) Affected: 4.6 , < 4.6.26 (semver) Affected: 4.7 , < 4.7.26 (semver) Affected: 4.8 , < 4.8.22 (semver) Affected: 4.9 , < 4.9.23 (semver) Affected: 5.0 , < 5.0.19 (semver) Affected: 5.1 , < 5.1.16 (semver) Affected: 5.2 , < 5.2.18 (semver) Affected: 5.3 , < 5.3.15 (semver) Affected: 5.4 , < 5.4.13 (semver) Affected: 5.5 , < 5.5.12 (semver) Affected: 5.6 , < 5.6.11 (semver) Affected: 5.7 , < 5.7.9 (semver) Affected: 5.8 , < 5.8.7 (semver) Affected: 5.9 , < 5.9.6 (semver) Affected: 6.0 , < 6.0.4 (semver) Affected: 6.1 , < 6.1.2 (semver) Affected: 6.2 , < 6.2.1 (semver) |
Credits
Ramuel Gall
Matt Rusnak
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-24T18:22:33.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.exploit-db.com/exploits/52274"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"
},
{
"tags": [
"x_transferred"
],
"url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=55765%40%2F\u0026new=55765%40%2F\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:22:24.483760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:49:16.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WordPress",
"vendor": "WordPress Foundation",
"versions": [
{
"lessThanOrEqual": "4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "4.1.38",
"status": "affected",
"version": "4.1",
"versionType": "semver"
},
{
"lessThan": "4.2.35",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThan": "4.3.31",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThan": "4.4.30",
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThan": "4.5.29",
"status": "affected",
"version": "4.5",
"versionType": "semver"
},
{
"lessThan": "4.6.26",
"status": "affected",
"version": "4.6",
"versionType": "semver"
},
{
"lessThan": "4.7.26",
"status": "affected",
"version": "4.7",
"versionType": "semver"
},
{
"lessThan": "4.8.22",
"status": "affected",
"version": "4.8",
"versionType": "semver"
},
{
"lessThan": "4.9.23",
"status": "affected",
"version": "4.9",
"versionType": "semver"
},
{
"lessThan": "5.0.19",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "5.1.16",
"status": "affected",
"version": "5.1",
"versionType": "semver"
},
{
"lessThan": "5.2.18",
"status": "affected",
"version": "5.2",
"versionType": "semver"
},
{
"lessThan": "5.3.15",
"status": "affected",
"version": "5.3",
"versionType": "semver"
},
{
"lessThan": "5.4.13",
"status": "affected",
"version": "5.4",
"versionType": "semver"
},
{
"lessThan": "5.5.12",
"status": "affected",
"version": "5.5",
"versionType": "semver"
},
{
"lessThan": "5.6.11",
"status": "affected",
"version": "5.6",
"versionType": "semver"
},
{
"lessThan": "5.7.9",
"status": "affected",
"version": "5.7",
"versionType": "semver"
},
{
"lessThan": "5.8.7",
"status": "affected",
"version": "5.8",
"versionType": "semver"
},
{
"lessThan": "5.9.6",
"status": "affected",
"version": "5.9",
"versionType": "semver"
},
{
"lessThan": "6.0.4",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "6.1.2",
"status": "affected",
"version": "6.1",
"versionType": "semver"
},
{
"lessThan": "6.2.1",
"status": "affected",
"version": "6.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
},
{
"lang": "en",
"type": "finder",
"value": "Matt Rusnak"
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the \u2018wp_lang\u2019 parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-21T00:06:14.619Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=cve"
},
{
"url": "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"
},
{
"url": "https://core.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=55765%40%2F\u0026new=55765%40%2F\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-16T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2745",
"datePublished": "2023-05-17T08:36:44.034Z",
"dateReserved": "2023-05-16T19:53:02.398Z",
"dateUpdated": "2025-04-24T18:22:33.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}