Описание
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.0 (исключая)
cpe:2.3:a:metagauss:download_plugin:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 47%
0.0024
Низкий
4.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
EPSS
Процентиль: 47%
0.0024
Низкий
4.3 Medium
CVSS3
5.4 Medium
CVSS3