CVE-2021-24692

CVE-2021-24692: Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal

Vendor Unknown
Product Simple Download Monitor
Weakness CWE-22 · Path traversal
Published March 14, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 3, 2024 Record updated