WordPress Core is vulnerable to Directory Traversal in...
Moderate severity
Unreviewed
Published
Jun 25, 2024
to the GitHub Advisory Database
•
Updated Jun 25, 2024
Description
Published by the National Vulnerability Database
Jun 25, 2024
Published to the GitHub Advisory Database
Jun 25, 2024
Last updated
Jun 25, 2024
WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the Template Part block. This makes it possible for authenticated attackers, with Contributor-level access and above, to include arbitrary HTML Files on sites running Windows.
References