WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
CVE-2021-31567

6.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Download Monitor
Vendor: CVE Published:; 28 January 2022

What is CVE-2021-31567?

Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.

References

https://wordpress.org/plugins/download-monitor/#developers

x_refsource_CONFIRM

https://github.com/WPChill/download-monitor/blob/master/c...

x_refsource_CONFIRM

https://patchstack.com/database/vulnerability/download-mo...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2022
Vulnerability Reserved
Jan 13, 2022

Credit

Vulnerability discovered by Ex.Mi (Patchstack).

Wordpress

What is CVE-2021-31567?

References

CVSS V3.1

Timeline

Credit