Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-13126

CWE-552 — Files Accessible to External Parties4 documents4 sources

Severity

4.6MEDIUM

EPSS

0.6%

top 30.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unknown Download Manager W3eden Download Manager

Timeline

PublishedMar 16

Description

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶NVDw3eden/download_manager< 3.3.07

▶CVEListV5unknown/download_manager< 3.3.07

🔴Vulnerability Details

CVEList

Download Manager < 3.3.07 - Unauthenticated Data Exposure↗2025-03-16

▶

GHSA

GHSA-xcfp-c436-mm2r: The Download Manager WordPress plugin before 3↗2025-03-16

▶

💥Exploits & PoCs

Nuclei

WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure

▶