exploitDog

GHSA-49q4-53vc-m8p9

Опубликовано: 05 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.

Ссылки

EPSS

Процентиль: 27%

0.00096

Низкий

5.3 Medium

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-11072

CVSS3: 5.3

nvd

3 месяца назад

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.

EPSS

Процентиль: 27%

0.00096

Низкий

5.3 Medium

CVSS3

CVE ID