WordPress Plugin Vulnerabilities
WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication
Description
The duplicate() method, hooked to the admin_init action, did not have any CSRF or authorisation checks, allowing unauthorised users (such as unauthenticated ones) to duplicate arbitrary downloads.
Proof of Concept
As an unauthenticated or authenticated user, open the following URL to duplicate the Download with id 717: https://example.com/wp-admin/admin-post.php?wpdm_duplicate=717
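The weakness described above, as an added illustration that is not the plugin's own code: a handler of the vulnerable shape (an admin_init callback acting on a request parameter with no checks) beside a hardened one that adds the missing capability and nonce checks. Function names, the nonce action string and the capability used are assumptions for this example.

```php
<?php
// Added illustration, not code from the plugin. Function names, the nonce
// action string and the capability are assumptions.

// Vulnerable shape: admin_init fires on admin-post.php for logged-out
// visitors too, so this acts on any request carrying the parameter,
// with no authorisation and no CSRF protection. (Not hooked here.)
function example_duplicate_vulnerable() {
    if ( isset( $_REQUEST['wpdm_duplicate'] ) ) {
        example_do_duplicate( (int) $_REQUEST['wpdm_duplicate'] );
    }
}

// Hardened shape: same trigger, but the caller must be allowed to edit
// this download and must present a nonce bound to the action and id.
function example_duplicate_hardened() {
    if ( ! isset( $_REQUEST['wpdm_duplicate'] ) ) {
        return;
    }
    $id = absint( $_REQUEST['wpdm_duplicate'] );

    // Authorisation: reject anonymous users and users lacking the capability.
    if ( ! is_user_logged_in() || ! current_user_can( 'edit_post', $id ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF: check_admin_referer() dies with 403 if the nonce is absent,
    // expired, or was issued for a different action or id.
    check_admin_referer( 'wpdm_duplicate_' . $id, '_wpnonce' );

    example_do_duplicate( $id );
}
add_action( 'admin_init', 'example_duplicate_hardened' );

// The only legitimate way to build the link: wp_nonce_url() ties the nonce
// to the same action string the handler verifies.
function example_duplicate_link( $id ) {
    $id  = absint( $id );
    $url = add_query_arg( 'wpdm_duplicate', $id, admin_url( 'admin-post.php' ) );
    return wp_nonce_url( $url, 'wpdm_duplicate_' . $id, '_wpnonce' );
}

function example_do_duplicate( $id ) {
    // Placeholder for the duplication itself (assumption; not shown).
}
```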
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-04-17 (about 3 years ago)
Added
2021-04-17 (about 3 years ago)
Last Updated
2021-04-17 (about 3 years ago)