CVE-2024-32111
WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.
WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the Template Part block. This makes it possible for authenticated attackers, with Contributor-level access and above, to include arbitrary HTML files on sites running Windows.
SSVC
- Decision: Track
Timeline
- 2024-04-10 CVE Reserved
- 2024-06-24 CVE Published
- 2024-06-26 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-139: Relative Path Traversal
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Automattic | WordPress | >= 6.5.0 <= 6.5.4 | en | Affected
Automattic | WordPress | >= 6.4.0 <= 6.4.4 | en | Affected
Automattic | WordPress | >= 6.3.0 <= 6.3.4 | en | Affected
Automattic | WordPress | >= 6.2.0 <= 6.2.5 | en | Affected
Automattic | WordPress | >= 6.1.0 <= 6.1.6 | en | Affected
Automattic | WordPress | >= 6.0.0 <= 6.0.8 | en | Affected
Automattic | WordPress | >= 5.9.0 <= 5.9.9 | en | Affected
Automattic | WordPress | >= 5.8.0 <= 5.8.9 | en | Affected
Automattic | WordPress | >= 5.7.0 <= 5.7.11 | en | Affected
Automattic | WordPress | >= 5.6.0 <= 5.6.13 | en | Affected
Automattic | WordPress | >= 5.5.0 <= 5.5.14 | en | Affected
Automattic | WordPress | >= 5.4.0 <= 5.4.15 | en | Affected
Automattic | WordPress | >= 5.3.0 <= 5.3.17 | en | Affected
Automattic | WordPress | >= 5.2.0 <= 5.2.20 | en | Affected
Automattic | WordPress | >= 5.1.0 <= 5.1.18 | en | Affected
Automattic | WordPress | >= 5.0.0 <= 5.0.21 | en | Affected
Automattic | WordPress | >= 4.9.0 <= 4.9.25 | en | Affected
Automattic | WordPress | >= 4.8.0 <= 4.8.24 | en | Affected
Automattic | WordPress | >= 4.7.0 <= 4.7.28 | en | Affected
Automattic | WordPress | >= 4.6.0 <= 4.6.28 | en | Affected
Automattic | WordPress | >= 4.5.0 <= 4.5.31 | en | Affected
Automattic | WordPress | >= 4.4.0 <= 4.4.32 | en | Affected
Automattic | WordPress | >= 4.3.0 <= 4.3.33 | en | Affected
Automattic | WordPress | >= 4.2.0 <= 4.2.37 | en | Affected
Automattic | WordPress | >= 4.1.0 <= 4.1.40 | en | Affected