WordPress Plugin Vulnerabilities

Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download

Description

The plugin is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.

Proof of Concept

# As contributor, navigate to https://target/blog/wp-admin/post-new.php?post_type=lana_download

# Inside "File (URL):" input, fill the file you want to download, for example: wp-config.php

# Save the post

# To download the file, you will be able to see a link that will directly download file

https://target/blog/download/1/

Affects Plugins

Plugin icon
lana-downloads-manager
Fixed in 1.8.0

References

CVE
CVE-2022-2392

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
7.6 (high)

Miscellaneous

Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
raadfhaddad
Verified
Yes
WPVDB ID
5001ed18-858e-4c9d-9d7b-a1305fcdf61b

Timeline

Publicly Published
2022-08-01 (about 1 years ago)
Added
2022-08-01 (about 1 years ago)
Last Updated
2023-04-28 (about 1 years ago)

Other

Published
Title
Published
2021-04-14
Title
Plus Addons for Elementor < 2.0.7 - Contributor+ Arbitrary File Access
Published
2023-01-31
Title
Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download
Published
2023-04-19
Title
KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
Published
2022-11-28
Title
Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download
Published
2022-01-06
Title
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read