← back
CVE-2022-2926

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

CVSS 4.9 MEDIUMEPSS 1.3%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.9EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
Unknown · Download Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785