Use of a Key Past its Expiration Date Affecting johnpbloch/wordpress-core package, versions <5.2.13>=5.3.0, <5.3.10>=5.4.0, <5.4.8>=5.5.0, <5.5.7>=5.6.0, <5.6.6>=5.7.0, <5.7.4>=5.8.0, <5.8.2
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-JOHNPBLOCHWORDPRESSCORE-8648597
- published21 Jan 2025
- disclosed10 Nov 2021
- creditbradleyt
Introduced: 10 Nov 2021
CVE NOT AVAILABLE CWE-324 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade johnpbloch/wordpress-core to version 5.2.13, 5.3.10, 5.4.8, 5.5.7, 5.6.6, 5.7.4, 5.8.2 or higher.
Overview
johnpbloch/wordpress-core is a web software you can use to create a website or blog.
Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the inclusion of an expired certificate in the ca-bundle.crt file. An attacker can potentially leverage this to conduct man-in-the-middle attacks by intercepting and manipulating secure communications.