2 matches found
CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...
CVE-2020-24141
CVE-2020-24141 is a server-side request forgery (SSRF) vulnerability in the WordPress WP-DownloadManager plugin, reported for version 1.68.4. The issue arises from the file_remote parameter in download-add.php, enabling an attacker to issue crafted requests from the vulnerable site’s back-end ser...