CVE-2021-24154 – Theme Editor < 2.6 - Authenticated Arbitrary File Download

https://notcve.org/view.php?id=CVE-2021-24154

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd El plugin Theme Editor de WordPress versiones anteriores a 2.6, no comprobaba el parámetro de archivo GET antes de pasarlo a la función download_file(), permitiendo a administradores descargar archivos arbitrarios en el servidor web, como /etc/passwd • https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •