PT-2022-16086 · WordPress · Wsm Downloader

Raad Haddad · Published 2022-08-08 · Updated 2022-08-12 · CVE-2022-2357

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WSM Downloader WordPress plugin versions 1.4.0 and earlier

Description: The issue allows any visitor to use the remote file download feature of the WSM Downloader WordPress plugin to download local files, including sensitive ones like wp-config.php. This could potentially expose sensitive information.

Recommendations: For WSM Downloader WordPress plugin versions 1.4.0 and earlier, consider disabling the remote file download feature until a patch is available. Restrict access to sensitive files like wp-config.php to minimize the risk of exploitation.

Exploit

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-2357

Affected Products

Wsm Downloader