CVE-2024-13618

EUVD-2024-54506
The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
osteopathicdownloadable_by_american_osteopathic_association
𝑥
≤ 0.1.0
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/d6a78233-3f23-4da4-9bc0-1439cde20a30/