Secure Downloads < 1.2.3 – Admin+ Arbitrary File Download | CVE 2024-8031 | Plugin Vulnerabilities

Description

The plugin is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

Proof of Concept

1) Click on the menu "Secure Downloads" -> "Files";
2) In "File List", replace the pre-filled text with:
```
    Text Files
    1,Text File,1.0,Simple TXT file,/../../../../../../../../etc/passwd
```
3) save changes with "Save changes";
4) Click on the menu "Secure Downloads" -> "Secure Links";
5) click on "Generate" and copy the link to an incognito window;
6) the downloaded file will contain the contents of /etc/passwd (Linux).

Affects Plugins

secure-downloads

Fixed in 1.2.3

References

CVE

Classification

Type

FILE DOWNLOAD

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Emiliano Versini

Submitter

Emiliano Versini

Submitter website

https://github.com/emizzz

Verified

Yes

WPVDB ID

c6f54e6f-0a50-424f-ae3a-00b9880d9f13

Timeline

Publicly Published

2024-07-09 (about 1 year ago)

Added

2024-09-03 (about 1 year ago)

Last Updated

2024-09-03 (about 1 year ago)

Other

Published

Title

Published

2025-09-03

Title

atec Debug < 1.2.23 - Admin+ Arbitrary File Read

Published

2022-09-19

Title

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

Published

2023-04-19

Title

KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download

Published

2023-06-12

Title

wpForo Forum < 2.1.8 - Subscriber+ Arbitrary File Read, Author+ PHAR Deserialization, and Subscriber+ Server-Side Request Forgery via file_get_contents

Published

2022-07-11

Title

Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download