CVE-2020-24146

2021-07-0713:38:45

mitre

www.cve.org

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.

References

github.com/secwx/research/blob/main/cve/CVE-2020-24146.md

wordpress.org/plugins/cm-download-manager/#developers