Vulnerabilities (CVE)

Filtered by vendor Wsm Downloader Project Subscribe
Filtered by product Wsm Downloader
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2367 1 Wsm Downloader Project 1 Wsm Downloader 2024-11-21 N/A 7.5 HIGH
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
CVE-2022-2357 1 Wsm Downloader Project 1 Wsm Downloader 2024-11-21 N/A 7.5 HIGH
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.