CVE-2024-32111
WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.
How to fix CVE-2024-32111
To remediate CVE-2024-32111, upgrade the affected package to a fixed version below.
- —upgrade to 4.1.41 or later
- —upgrade to 4.1.41 or later
Is CVE-2024-32111 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 4.1.0, < 4.1.41, >= 4.2.0, < 4.2.38, >= 4.3.0, < 4.3.34, >= 4.4.0, < 4.4.33, >= 4.5.0, < 4.5.32, >= 4.6.0, < 4.6.29, >= 4.7.0, < 4.7.29, >= 4.8.0, < 4.8.25, >= 4.9.0, < 4.9.26, >= 5.0.0, < 5.0.22, >= 5.1.0, < 5.1.19, >= 5.2.0, < 5.2.21, >= 5.3.0, < 5.3.18, >= 5.4.0, < 5.4.16, >= 5.5.0, < 5.5.15, >= 5.6.0, < 5.6.14, >= 5.7.0, < 5.7.12, >= 5.8.0, < 5.8.10, >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5
- >= 4.1.0, < 4.1.41, >= 4.2.0, < 4.2.38, >= 4.3.0, < 4.3.34, >= 4.4.0, < 4.4.33, >= 4.5.0, < 4.5.32, >= 4.6.0, < 4.6.29, >= 4.7.0, < 4.7.29, >= 4.8.0, < 4.8.25, >= 4.9.0, < 4.9.26, >= 5.0.0, < 5.0.22, >= 5.1.0, < 5.1.19, >= 5.2.0, < 5.2.21, >= 5.3.0, < 5.3.18, >= 5.4.0, < 5.4.16, >= 5.5.0, < 5.5.15, >= 5.6.0, < 5.6.14, >= 5.7.0, < 5.7.12, >= 5.8.0, < 5.8.10, >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |