CVE-2022-2367

WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass

EPSS 1.0%CWE-639

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

Affected products

Unknown · WSM Downloader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f