CVE-2024-13126

Summary

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

Affected Software

VendorProductVersion RangeStatus
UnknownDownload Manager0 < 3.3.07affected

Weaknesses

  • CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References