CVE-2022-2357

CVE-2022-2357: WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download

Vendor Unknown
Product WSM Downloader
Weakness CWE-552 · Files accessible externally
Published August 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

Key dates

02Disclosure timeline

August 8, 2022 CVE published
August 3, 2024 Record updated