Description
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
References
- Patch
- Third Party Advisory
Vulnerable configurations
EPSS
5.4 Medium (CVSS3)
8.1 High (CVSS3)
Weaknesses