Key information

Vulnerability overview
Vulnerability name: WordPress Web3Press Plugin <= 3.2.0 is vulnerable to Arbitrary File Download
Priority: Medium
CVSS score: 6.5
Risk: This vulnerability is moderately dangerous and expected to be exploited.

Affected versions
Vulnerable versions: <= 3.2.0
Fixed version: 3.3.0

Vulnerability description
Type: Arbitrary File Download
Description: This could allow a malicious actor to download any file from your website. This includes but is not limited to files that contain login credentials or backup files.

Solution
1. Automatic mitigation: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until you have updated to a fixed version.
2. Update: Update to version 3.3.0 or later to remove the vulnerability.

Timeline
Reported: 19 Apr 2025
Early warning sent to Patchstack customers: 02 May 2025
Published: 04 May 2025

Other information
Software: Web3Press
Type: Plugin