CVE-2024-35162

2024-05-2206:15:12

[email protected]

web.nvd.nist.gov

path traversal vulnerability

remote authenticated attacker

arbitrary file access

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with “switch_themes” privilege may obtain arbitrary files on the server.

Affected configurations

Vulners

Node

wpfactory_llcdownload_plugins_and_themes_from_dashboardRange<1.8.6

CNA Affected

[
  {
    "vendor": "WPFactory LLC",
    "product": "Download Plugins and Themes from Dashboard",
    "versions": [
      {
        "version": "prior to 1.8.6",
        "status": "affected"
      }
    ]
  }
]