CVE-2024-32111

MEDIUM5.0EPSS 0.41%

WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability

Published: 6/27/2024Modified: 5/20/2025

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.

Affected packages (2)

Bitnami/wordpress>= 4.1.0, < 4.1.41, >= 4.2.0, < 4.2.38, >= 4.3.0, < 4.3.34, >= 4.4.0, < 4.4.33, >= 4.5.0, < 4.5.32, >= 4.6.0, < 4.6.29, >= 4.7.0, < 4.7.29, >= 4.8.0, < 4.8.25, >= 4.9.0, < 4.9.26, >= 5.0.0, < 5.0.22, >= 5.1.0, < 5.1.19, >= 5.2.0, < 5.2.21, >= 5.3.0, < 5.3.18, >= 5.4.0, < 5.4.16, >= 5.5.0, < 5.5.15, >= 5.6.0, < 5.6.14, >= 5.7.0, < 5.7.12, >= 5.8.0, < 5.8.10, >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5
Bitnami/wordpress-multisite>= 4.1.0, < 4.1.41, >= 4.2.0, < 4.2.38, >= 4.3.0, < 4.3.34, >= 4.4.0, < 4.4.33, >= 4.5.0, < 4.5.32, >= 4.6.0, < 4.6.29, >= 4.7.0, < 4.7.29, >= 4.8.0, < 4.8.25, >= 4.9.0, < 4.9.26, >= 5.0.0, < 5.0.22, >= 5.1.0, < 5.1.19, >= 5.2.0, < 5.2.21, >= 5.3.0, < 5.3.18, >= 5.4.0, < 5.4.16, >= 5.5.0, < 5.5.15, >= 5.6.0, < 5.6.14, >= 5.7.0, < 5.7.12, >= 5.8.0, < 5.8.10, >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

Affected packages (2)

CVSS scores

References (3)