CVE-2024-32111 Information

Description

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4 from 6.4 through 6.4.4 from 6.3 through 6.3.4 from 6.2 through 6.2.5 from 6.1 through 6.1.6 from 6.0 through 6.0.8 from 5.9 through 5.9.9 from 5.8 through 5.8.9 from 5.7 through 5.7.11 from 5.6 through 5.6.13 from 5.5 through 5.5.14 from 5.4 through 5.4.15 from 5.3 through 5.3.17 from 5.2 through 5.2.20 from 5.1 through 5.1.18 from 5.0 through 5.0.21 from 4.9 through 4.9.25 from 4.8 through 4.8.24 from 4.7 through 4.7.28 from 4.6 through 4.6.28 from 4.5 through 4.5.31 from 4.4 through 4.4.32 from 4.3 through 4.3.33 from 4.2 through 4.2.37 from 4.1 through 4.1.40.

Reference

https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-5-5-contributor-arbitrary-html-file-read-windows-only-vulnerability?_s_id=cve https://wordpress.org/news/2024/06/wordpress-6-5-5/