
CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 1

04 Mar 2025 — The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server. The Downloable by American Osteopathic Association plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 0.1.0. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

• https://wpscan.com/vulnerability/8d6dd979-21ef-4d14-9c42-bbd1d7b65c53
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

04 Mar 2025 — The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. The Downloable by American Osteopathic Association plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be...

• https://wpscan.com/vulnerability/d6a78233-3f23-4da4-9bc0-1439cde20a30
• CWE-918: Server-Side Request Forgery (SSRF)