What the vulnerability does
01Description
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
Explanation of Vulnerability in Simple Terms
Download Monitor versions up to 5.1.9 contain a path traversal vulnerability that allows high-privilege users to read files outside the intended directory. An attacker with administrative access can craft requests to access sensitive files on the server. The vulnerability requires high attack complexity and administrative credentials, limiting its practical impact to insider threats or compromised admin accounts.
What an attacker can do
Read arbitrary files on the server outside the plugin's intended directory.
Potential impact on your site
A compromised admin account could expose sensitive server files like configuration or database credentials.
Conditions required to exploit
Attacker must have administrative privileges on the WordPress site.
Key dates
External resources
Related vulnerabilities