WordPress Plugin Vulnerabilities

EKC Tournament Manager < 2.2.2 - Admin+ Arbitrary File Download

Description

The plugin allows a logged in admin to download system files outside of the WordPress directory

Proof of Concept

Affects Plugins

Plugin icon
ekc-tournament-manager
Fixed in 2.2.2

References

CVE
CVE-2024-9765

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Vuln Seeker Cybersecurity Team
Submitter
Vuln Seeker Cybersecurity Team
Submitter website
https://vulnseeker.org
Verified
Yes
WPVDB ID
c86157b0-43f3-4e82-9697-7dd9401b48d6

Timeline

Publicly Published
2024-09-10 (about 1 year ago)
Added
2024-11-14 (about 1 year ago)
Last Updated
2025-01-10 (about 11 months ago)

Other

Published
Title
Published
2025-12-11
Title
Secure Copy Content Protection and Content Locking < 4.9.3 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File
Published
2022-12-12
Title
Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
Published
2019-06-02
Title
Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download
Published
2022-08-01
Title
Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
Published
2025-02-27
Title
wpForo Forum < 2.4.2 - Subscriber+ Arbitrary File Read