EUVD-2022-34625

Malicious code in bioql PyPI...

EUVD-2022-34635

Malicious code in bioql PyPI...

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

CVE-2022-2357

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

Remote file inclusion

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

Design/Logic Flaw

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

CVE-2022-2367

The CVE-2022-2367 entry concerns the WordPress plugin WSM Downloader (versions ≤ 1.4.0). The vulnerability arises from inadequate validation of the link parameter, allowing bypass of domain restrictions intended to limit which images/files can be downloaded. Affected component/file: WSM Downloade...

CVE-2022-2367 WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

CVE-2022-2357

The CVE-2022-2357 entry concerns the WordPress WSM Downloader plugin (versions 1.4.0 and earlier). The vulnerability resides in the plugin’s remote file download feature, enabling unauthenticated access to download local files (including wp-config.php). This is an unauthenticated arbitrary-file-d...

CVE-2022-2357 WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...

WordPress Plugin WSM Downloader 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin WSM Downloader 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2022-16086 · WordPress · Wsm Downloader

Name of the Vulnerable Software and Affected Versions: WSM Downloader WordPress plugin versions 1.4.0 and earlier Description: The issue allows any visitor to use the remote file download feature of the WSM Downloader WordPress plugin to download local files, including sensitive ones like...

WordPress WSM Downloader plugin <= 1.4.0 - Domain Name Restriction Bypass vulnerability

Domain Name Restriction Bypass vulnerability discovered by Raad Haddad in WordPress WSM Downloader plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of July 8, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress WSM Downloader plugin <= 1.4.0 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by Raad Haddad in WordPress WSM Downloader plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of July 8, 2022 and is not available for download. This closure is temporary, pending a full review...