VYPR

Aoa Downloadable

by WordPress

CVEs (2)

  • CVE-2024-13617HigMar 25, 2025
    risk 0.56cvss 8.6epss 0.00

    The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server

  • CVE-2024-13618HigMar 25, 2025
    risk 0.47cvss 7.2epss 0.00

    The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.