Описание
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.3 (исключая)
cpe:2.3:a:wpbookingcalendar:secure_downloads:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 57%
0.00345
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 6.5
github
9 месяцев назад
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.
EPSS
Процентиль: 57%
0.00345
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-552