CVE-2022-2367

Summary

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

Affected Software

VendorProductVersion RangeStatus
UnknownWSM Downloader1.4.0 <= 1.4.0affected

Weaknesses

  • CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

References