Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.
CVSS breakdown
Affected products
- Automattic / WordPress6.5 – 6.5.4
- Automattic / WordPress6.4 – 6.4.4
- Automattic / WordPress6.3 – 6.3.4
- Automattic / WordPress6.2 – 6.2.5
- Automattic / WordPress6.1 – 6.1.6
- Automattic / WordPress6.0 – 6.0.8
- Automattic / WordPress5.9 – 5.9.9
- Automattic / WordPress5.8 – 5.8.9
- Automattic / WordPress5.7 – 5.7.11
- Automattic / WordPress5.6 – 5.6.13
- Automattic / WordPress5.5 – 5.5.14
- Automattic / WordPress5.4 – 5.4.15
- Automattic / WordPress5.3 – 5.3.17
- Automattic / WordPress5.2 – 5.2.20
- Automattic / WordPress5.1 – 5.1.18
- Automattic / WordPress5.0 – 5.0.21
- Automattic / WordPress4.9 – 4.9.25
- Automattic / WordPress4.8 – 4.8.24
- Automattic / WordPress4.7 – 4.7.28
- Automattic / WordPress4.6 – 4.6.28
- Automattic / WordPress4.5 – 4.5.31
- Automattic / WordPress4.4 – 4.4.32
- Automattic / WordPress4.3 – 4.3.33
- Automattic / WordPress4.2 – 4.2.37
- Automattic / WordPress4.1 – 4.1.40