Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for WSM Downloader by Unknown

    CVE-2022-2367 (GCVE-0-2022-2367)

    Vulnerability from nvd – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
    VLAI
    Title
    WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
    Summary
    The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
    Severity
    No CVSS data available.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WSM Downloader Affected: 1.4.0 , ≤ 1.4.0 (custom)
    Create a notification for this product.
    Credits
    Raad Haddad
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.766Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSM Downloader",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Raad Haddad"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-08T13:47:24.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2367",
              "STATE": "PUBLIC",
              "TITLE": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WSM Downloader",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4.0",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Raad Haddad"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2367",
        "datePublished": "2022-08-08T13:47:24.000Z",
        "dateReserved": "2022-07-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:32:09.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2357 (GCVE-0-2022-2357)

    Vulnerability from nvd – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
    VLAI
    Title
    WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download
    Summary
    The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.
    Severity
    No CVSS data available.
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WSM Downloader Affected: 1.4.0 , ≤ 1.4.0 (custom)
    Create a notification for this product.
    Credits
    Raad Haddad
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSM Downloader",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Raad Haddad"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-08T13:47:08.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2357",
              "STATE": "PUBLIC",
              "TITLE": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WSM Downloader",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4.0",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Raad Haddad"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-552 Files or Directories Accessible to External Parties"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2357",
        "datePublished": "2022-08-08T13:47:08.000Z",
        "dateReserved": "2022-07-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:32:09.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2367 (GCVE-0-2022-2367)

    Vulnerability from cvelistv5 – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
    VLAI
    Title
    WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
    Summary
    The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
    Severity
    No CVSS data available.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WSM Downloader Affected: 1.4.0 , ≤ 1.4.0 (custom)
    Create a notification for this product.
    Credits
    Raad Haddad
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.766Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSM Downloader",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Raad Haddad"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-08T13:47:24.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2367",
              "STATE": "PUBLIC",
              "TITLE": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WSM Downloader",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4.0",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Raad Haddad"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2367",
        "datePublished": "2022-08-08T13:47:24.000Z",
        "dateReserved": "2022-07-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:32:09.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2357 (GCVE-0-2022-2357)

    Vulnerability from cvelistv5 – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
    VLAI
    Title
    WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download
    Summary
    The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.
    Severity
    No CVSS data available.
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WSM Downloader Affected: 1.4.0 , ≤ 1.4.0 (custom)
    Create a notification for this product.
    Credits
    Raad Haddad
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSM Downloader",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Raad Haddad"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-08T13:47:08.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2357",
              "STATE": "PUBLIC",
              "TITLE": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WSM Downloader",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4.0",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Raad Haddad"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-552 Files or Directories Accessible to External Parties"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2357",
        "datePublished": "2022-08-08T13:47:08.000Z",
        "dateReserved": "2022-07-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:32:09.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }