CVE-2023-2745 POC (Proof-of-Concept)

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.

Published: 2023-05-17

CVSS: 6.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Download CVE-2023-2745 POC (Proof-of-Concept) here:

http://zeroday4n6aaxjruc5jgvulkdgy4mkioom5g6q7l3nz475a62vmamiyd.onion/exploit-for-cve-2023-2745.721/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://connollyfinan.ie/poc-365-cve-2024-34102/

https://connollyfinan.ie/poc-376-cve-2025-64446/

https://connollyfinan.ie/poc-264-cve-2024-21887/

https://connollyfinan.ie/poc-518-cve-2025-54948/

https://connollyfinan.ie/poc-344-cve-2016-7201/