GHSA-vh29-7vg4-p7f4

Опубликовано: 25 июн. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the Template Part block. This makes it possible for authenticated attackers, with Contributor-level access and above, to include arbitrary HTML Files on sites running Windows.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-6306
https://core.trac.wordpress.org/changeset/58470
https://wordpress.org/news/2024/06/wordpress-6-5-5
https://www.wordfence.com/threat-intel/vulnerabilities/id/4af2b01b-2dcb-44ae-a764-8ecc5f8caa81?source=cve

4.3 Medium

CVSS3

CVE ID

CVE-2024-6306

Связанные уязвимости

CVE-2024-6306

nvd

больше 1 года назад

Rejected reason: **REJECT** Accidental Reservation making this a duplicate. Please use CVE-2024-32111.

4.3 Medium

CVSS3

CVE ID

CVE-2024-6306