CVE-2021-31567 Information

Description

Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files including sensitive configuration files such as wp-config.php to be downloaded via the &downloadable_file_urls[0] parameter data. It’s also possible to escape from the web server home directory and download any file within the OS.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Reference

https://github.com/WPChill/download-monitor/blob/master/changelog.txt

https://wordpress.org/plugins/download-monitor/#developers

https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-arbitrary-file-download-vulnerability

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

6.8

Base Severity

MEDIUM
