Open Proxy Vulnerability in File Download Plugin for WordPress
CVE-2015-1000002

8.2HIGH

Key Information:

Vendor: Wordpress
Status: Filedownload
Vendor: CVE Published:; 6 October 2016

What is CVE-2015-1000002?

The File Download plugin for WordPress, specifically version 1.4, contains a vulnerability that allows attackers to exploit an open proxy configuration. This flaw can be leveraged to access potentially sensitive information by misusing the plugin's functionalities.

References

http://www.securityfocus.com/bid/97100

vdb-entryx_refsource_BID

http://www.vapidlabs.com/advisory.php?v=140

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jun 7, 2016

Wordpress

What is CVE-2015-1000002?

References

CVSS V3.1

Timeline