CVE-2024-8031

Medium CVSS: 6.5

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

Vendor

Wpbookingcalendar

Product

Secure Downloads

CWE

CWE-552

Yayın Tarihi

2025-05-15 20:15:57

Güncelleme

2025-06-12 16:48:29

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-552 Secure Downloads MEDIUM Wpbookingcalendar 2025

Referanslar

https://wpscan.com/vulnerability/c6f54e6f-0a50-424f-ae3a-00b9880d9f13/

Benzer Kayıtlar

Medium

CVE-2025-4669

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcod…

Medium

CVE-2024-13821

The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in…

Medium

CVE-2024-13323

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' sho…