漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal
Vulnerability Description
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
WordPress 插件路径遍历漏洞
Vulnerability Description
WordPress 插件是WordPress开源的一个应用插件。 WordPress 下载管理器插件3.1.24之前版本存在路径遍历漏洞,该漏洞源于插件允许已认证用户获取敏感的配置文件信息,同时允许已认证用户执行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A