Missing Authorization vulnerability in Download Media
CVE-2024-27190

8.8HIGH

Key Information:

Vendor: WordPress
Status: Download Media
Vendor: CVE Published:; 21 March 2024

Summary

A missing authorization vulnerability has been identified in the Download Media plugin developed by Jean-David Daviet, affecting all versions up to 1.4.2. This vulnerability allows unauthorized users to access restricted media files, potentially leading to information leakage and exploitation. It is crucial for users of this plugin to review their implementations and apply the necessary patches to secure their media assets.

Affected Version(s)

Download Media <= 1.4.2

References

https://patchstack.com/database/vulnerability/download-me...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

Steven Julian (Patchstack Alliance)