CVE-2024-13126
Download Manager < 3.3.07 - Unauthenticated Data Exposure
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 4.6EPSS 0.5%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
16 mar 2025Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Productos afectados
Unknown · Download Manager