CVE-2024-35162

Summary

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.

Affected Software

VendorProductVersion RangeStatus
WPFactory LLCDownload Plugins and Themes from Dashboardprior to 1.8.6affected

Weaknesses

  • Path traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References