CVE-2024-35754
CVE-2024-35754 affects Ovic Importer (WordPress plugin) up to version 1.6.3. The issue is an improper limitation of a pathname to a restricted directory, enabling authenticated Arbitrary File Download (path traversal). Root cause is insufficient path validation in the importer’s file access logic...