0.002 Low
EPSS
Percentile
64.8%
The plugin is vulnerable to SSRF or LFI attacks via the njt-tk-download-video parameter sent by the user not being properly sanitized before used in code.
github.com/secwx/research/blob/main/cve/CVE-2020-24142.md
github.com/secwx/research/blob/main/cve/CVE-2020-24143.md