CVE-2024-32111: Path Traversal in WordPress

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 38.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 25

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.6 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5 | automattic/wordpress | 6.5 through 6.5.4 | +24

🔴 Vulnerability Details (2)

GHSA
GHSA-6j7w-22rc-9895: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal (2024-06-25)
OSV
CVE-2024-32111: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal (2024-06-25)

📋 Vendor Advisories (1)

Debian
CVE-2024-32111: wordpress - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v... (2024)