The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/4c9fe97e-3d9b-4079-88d9-34e2d0605215 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-14T14:40:54
Updated: 2022-03-14T14:40:54
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24692
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-14T15:15:08.397
Modified: 2022-03-20T01:52:15.683
Link: CVE-2021-24692
JSON object: View
Redhat Information
No data.
CWE