Cyber Resilience

CVE-2023-2745

Medium · Public PoC

Published: 17 May 2023

Modified: 08 April 2026
KEV Added: not listed (see Summary)
Patch: WordPress 6.2.1 (see Deeper analysis)
CVSS Score v3.1: 5.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N)
EPSS Score: 0.7928 (99.1th percentile)
Risk Priority: 58 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-2745 is a medium-severity Path Traversal (CWE-22) vulnerability in WordPress Core (vendor: WordPress). Its CVSS base score is 5.4 (Medium).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

WordPress Core versions up to and including 6.2 are affected by a directory traversal vulnerability tracked as CVE-2023-2745 and classified as CWE-22. The flaw lies in the handling of the wp_lang parameter and lets unauthenticated attackers load arbitrary translation files. When an attacker can also place a crafted translation file on the target site, the same vector can be leveraged for cross-site scripting. The issue received a CVSS 3.1 score of 5.4.

An unauthenticated remote attacker can supply a malicious wp_lang value to traverse directories and load translation files outside the intended scope. If the attacker additionally possesses or obtains an upload capability on the site, the loaded file can carry script content that executes in the context of other users, resulting in cross-site scripting.

Official advisories and the WordPress 6.2.1 maintenance release note that the vulnerability is resolved by the changeset that updates language-file handling, and they recommend an immediate upgrade to version 6.2.1 or later. The referenced Wordfence and Packet Storm entries further detail the patch and provide indicators for detection.

The associated EPSS score reached a peak of 0.7977 with a current value of 0.7928, reflecting sustained exploitation interest after disclosure.

EU & UK References

Vulnerability details

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack.

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wordpress / wordpress
Versions: 6.2 · ≤ 4.1.38 · 4.2 to 4.2.35 · 4.3 to 4.3.31

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-22): Validates pathnames and filenames to prevent traversal outside intended directories.

References