CVE-2024-13618 Information

Description

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint allowing unauthenticated visitors to make requests to arbitrary URLs.

Reference

https://wpscan.com/vulnerability/d6a78233-3f23-4da4-9bc0-1439cde20a30/