CVE-2024-13618

Name of the Vulnerable Software and Affected Versions aoa-downloadable WordPress plugin versions 0.1.0 and earlier

Description The issue concerns a lack of authorization and authentication for requests to the "download.php" endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Recommendations For versions 0.1.0 and earlier, consider disabling access to the "download.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint in unauthenticated contexts until the issue is resolved.