The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/d94b721e-9ce2-45e5-a673-2a57b0137653 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Aug 2022, 02:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/d94b721e-9ce2-45e5-a673-2a57b0137653 - Exploit, Third Party Advisory | |
CWE | NVD-CWE-noinfo |
22 Aug 2022, 16:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-22 15:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-2362
Mitre link : CVE-2022-2362
CVE.ORG link : CVE-2022-2362
JSON object : View
Products Affected
wpdownloadmanager
- wordpress_download_manager
CWE
NVD-CWE-noinfo
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')