← Volver a CVEs
CVE-2024-13126
MEDIUM4.6
Descripcion
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.
Detalles CVE
Puntuacion CVSS v3.14.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado3/16/2025
Ultima modificacion4/9/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
w3eden:download_manager
Debilidades (CWE)
CWE-552
Referencias
https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/(contact@wpscan.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.