CVE-2022-2367

CVE-2022-2367: WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass

Vendor Unknown
Product WSM Downloader
Weakness CWE-639 · IDOR
Published August 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

Key dates

02Disclosure timeline

August 8, 2022 CVE published
August 3, 2024 Record updated