{"uuid": "9e38fd28-d4cf-4b3e-b294-442a134ee3b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2745", "type": "seen", "source": "https://t.me/cibsecurity/64301", "content": "\u203c CVE-2023-2745 \u203c\n\nWordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the \u00e2\u20ac\u02dcwp_lang\u00e2\u20ac\u2122 parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T12:31:07.000000Z"}