CVE-2021-34638

State: PUBLISHED · Published: 2021-08-05 · Updated: 2024-08-04 · Assigner: Wordfence

Description

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.

CWE

CWE-22 — CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79 — CWE-79 Cross-site Scripting (XSS)
CWE-540 — CWE-540 Information Exposure Through Source Code

Affected

W3 Eden, Inc. / WordPress Download Manager — v=3.1.24 ≤3.1.24 [affected]

CVSS

3.1 score=6.5 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities/ x_refsource_MISC

Source

cvelistV5-main/cves/2021/34xxx/CVE-2021-34638.json