CVE-2024-31342 – WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability

https://notcve.org/view.php?id=CVE-2024-31342

Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3. The WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.3. This is due to the plugin improperly validating the path to requested file downloads. This makes it possible for authenticated attackers, with administrator-level access and above, to download arbitrary files that may contain sensitive information such as wp-config.php • https://patchstack.com/database/vulnerability/wp-gallery-exporter/wordpress-gallery-exporter-plugin-1-3-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •