Path Traversal Vulnerability in Dashboard Prior to 1.8.6
CVE-2024-35162

Currently unrated

Key Information:

Vendor: WPfactory Llc
Status: Download Plugins And Themes From Dashboard
Vendor: CVE Published:; 22 May 2024

What is CVE-2024-35162?

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.

Affected Version(s)

Download Plugins and Themes from Dashboard prior to 1.8.6

References

https://wordpress.org/plugins/download-plugins-dashboard/

https://jvn.jp/en/jp/JVN85380030/

Timeline

Vulnerability published
May 22, 2024
Vulnerability Reserved
May 10, 2024

WPfactory Llc

What is CVE-2024-35162?

Affected Version(s)

References

Timeline