CVE-2024-35162 Information

Description

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited a remote authenticated attacker with \switch_themes\ privilege may obtain arbitrary files on the server.

Reference

https://wordpress.org/plugins/download-plugins-dashboard/ https://jvn.jp/en/jp/JVN85380030/