WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal
CVE-2021-34638

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: WordPress Download Manager
Vendor: CVE Published:; 5 August 2021

Summary

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.

Affected Version(s)

WordPress Download Manager 3.1.24

References

https://www.wordfence.com/blog/2021/07/wordpress-download...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2021
Vulnerability Reserved
Jun 10, 2021

Credit

Ramuel Gall, Wordfence