CVE-2022-2367

WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass

EPSS 1.0%CWE-639

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

Productos afectados

Unknown · WSM Downloader

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f