CVE-2024-31342 – WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability

https://notcve.org/view.php?id=CVE-2024-31342

05 Apr 2024 — Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3. The WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.3. This is due to the plugin improperly validating the path to requested file downloads. This makes it possible for authenticated attackers, with administra... • https://patchstack.com/database/vulnerability/wp-gallery-exporter/wordpress-gallery-exporter-plugin-1-3-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •