5 matches found
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804
creationtimestamp| type| source ---|---|--- 2025-03-07 08:35:04+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6817 2025-03-08 04:34:56+00:00| seen| Telegram/vIKFwTGY3sbfywu7KH3zgXq94bykvhw1AKV3z25wU-LQg0...
CVE-2024-10804 Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2024-10804
CVE-2024-10804 describes a directory traversal vulnerability in the Ultimate Video Player WordPress & WooCommerce Plugin (≤ v10.0) that permits unauthenticated attackers to read arbitrary server files via content/downloader.php. The associated metrics show a CVSS v3.1 base score of 7.5 (High) wit...