CVE-2022-2392

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
lanalana_downloads_manager
𝑥
< 1.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b
https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b