VYPR

WSM Downloader

by WordPress

CVEs (2)

  • CVE-2022-2367HigAug 8, 2022
    risk 0.49cvss 7.5epss 0.01

    The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

  • CVE-2022-2357HigAug 8, 2022
    risk 0.49cvss 7.5epss 0.01

    The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.