WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions = 0.1.0...

CVE-2024-13618

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

CVE-2024-13617

The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server...

WordPress plugin aoa-downloadable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

WordPress plugin aoa-downloadable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

PT-2025-12757 · WordPress · Aoa-Downloadable

Name of the Vulnerable Software and Affected Versions: aoa-downloadable WordPress plugin version 0.1.0 Description: The issue concerns a lack of authorization and authentication for requests to the "download.php" endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

PT-2025-12756 · WordPress · Aoa-Downloadable

Name of the Vulnerable Software and Affected Versions: aoa-downloadable WordPress plugin version 0.1.0 Description: The issue concerns the aoa-downloadable WordPress plugin, which fails to validate a parameter in its download function. This allows unauthenticated attackers to download arbitrary...