CVE-2024-8031

Name of the Vulnerable Software and Affected Versions: Secure Downloads WordPress plugin versions prior to 1.2.3

Description: The issue allows authenticated attackers with admin-level access and above to download arbitrary files, potentially containing sensitive information, such as the wp-config.php file. This is due to the plugin not properly restricting which files can be downloaded.

Recommendations: For Secure Downloads WordPress plugin versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.