CVE-2021-24692

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.7%

top 27.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Simple Download Monitor Tipsandtricks-hq Simple Download Monitor

Timeline

PublishedMar 14

Latest updateMar 15

Description

The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5unknown/simple_download_monitor3.9.5 — 3.9.5

▶NVDtipsandtricks-hq/simple_download_monitor< 3.9.5

🔴Vulnerability Details

GHSA

GHSA-42x6-hm83-gh54: The Simple Download Monitor WordPress plugin before 3↗2022-03-15

▶

CVEList

Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal↗2022-03-14

▶