Search criteria
4 vulnerabilities found for wsm_downloader by wsm_downloader_project
CVE-2022-2367 (GCVE-0-2022-2367)
Vulnerability from nvd – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
VLAI
Title
WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
Summary
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
Severity
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/46afb0c6-2d0c-4a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WSM Downloader |
Affected:
1.4.0 , ≤ 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSM Downloader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:47:24.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2367",
"STATE": "PUBLIC",
"TITLE": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WSM Downloader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2367",
"datePublished": "2022-08-08T13:47:24.000Z",
"dateReserved": "2022-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2357 (GCVE-0-2022-2357)
Vulnerability from nvd – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
VLAI
Title
WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download
Summary
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/42499b84-684e-42… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WSM Downloader |
Affected:
1.4.0 , ≤ 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSM Downloader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:47:08.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2357",
"STATE": "PUBLIC",
"TITLE": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WSM Downloader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2357",
"datePublished": "2022-08-08T13:47:08.000Z",
"dateReserved": "2022-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2367 (GCVE-0-2022-2367)
Vulnerability from cvelistv5 – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
VLAI
Title
WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
Summary
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
Severity
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/46afb0c6-2d0c-4a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WSM Downloader |
Affected:
1.4.0 , ≤ 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSM Downloader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:47:24.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2367",
"STATE": "PUBLIC",
"TITLE": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WSM Downloader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2367",
"datePublished": "2022-08-08T13:47:24.000Z",
"dateReserved": "2022-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2357 (GCVE-0-2022-2357)
Vulnerability from cvelistv5 – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32
VLAI
Title
WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download
Summary
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/42499b84-684e-42… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WSM Downloader |
Affected:
1.4.0 , ≤ 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSM Downloader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:47:08.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2357",
"STATE": "PUBLIC",
"TITLE": "WSM Downloader \u003c= 1.4.0 - Unauthenticated Arbitrary File Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WSM Downloader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/42499b84-684e-42e1-b7f0-de206d4da553"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2357",
"datePublished": "2022-08-08T13:47:08.000Z",
"dateReserved": "2022-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}