CVE-2024-13617 Information

Description

The aoa-downloadable WordPress plugin through 0.1.0 doesn’t validate a parameter in its download function allowing unauthenticated attackers to download arbitrary files from the server

Reference

https://wpscan.com/vulnerability/8d6dd979-21ef-4d14-9c42-bbd1d7b65c53/