CVE-2024-13367

Name of the Vulnerable Software and Affected Versions The Sandbox plugin for WordPress versions up to, and including, 0.4

Description The issue arises from a missing capability check on the export download action, allowing authenticated attackers with Subscriber-level access and above to download a complete copy of a sandbox environment. This environment can contain sensitive information, such as the wp-config.php file.

Recommendations For versions up to, and including, 0.4, consider disabling the export download action until a patch is available to prevent unauthorized access. Restrict access to the sandbox environment to minimize the risk of exploitation. Avoid using the export download action in the affected plugin until the issue is resolved.