Description
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
Remediation
References
Related Vulnerabilities
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6926)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0737)
Chamilo Improper Privilege Management Vulnerability (CVE-2020-23128)