CVE-2022-2367

Published: Aug 8, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

Affected (1)

Products: Wsm Downloader Project: Wsm Downloader

Wsm Downloader Project

1 product

Wsm Downloader

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wsm Downloader Project Wsm Downloader	Up to 1.4.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.