Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure
CVE-2012-10016

4.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Simple-download-button-shortcode Plugin
Vendor
CVE Published:
17 October 2023

Summary

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability.

Affected Version(s)

simple-download-button-shortcode Plugin 1.0

References

https://vuldb.com/?id.242190
vdb-entrytechnical-description
https://vuldb.com/?ctiid.242190
signaturepermissions-required
https://github.com/wp-plugins/simple-download-button-shor...
patch

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.