Vulnerabilities > CVE-2022-2981 - Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
wpchill
CWE-552

Summary

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.

Vulnerable Configurations

Part Description Count
Application
Wpchill
87