WordPress Plugin Vulnerabilities

Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated SSRF

Description

The plugin lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Proof of Concept

Affects Plugins

Plugin icon
aoa-downloadable
No known fix

References

CVE
CVE-2024-13618

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Aly Khaled
Submitter
Aly Khaled
Submitter website
https://0x41ly.github.io/
Submitter twitter
Aly_Khal3d
Verified
Yes
WPVDB ID
d6a78233-3f23-4da4-9bc0-1439cde20a30

Timeline

Publicly Published
2025-03-04 (about 10 months ago)
Added
2025-03-04 (about 10 months ago)
Last Updated
2025-03-04 (about 10 months ago)

Other

Published
Title
Published
2024-12-16
Title
WP All Import Pro < 4.9.4 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
Published
2025-08-14
Title
Simplified <= 1.0.9 - Authenticated (Administrator+) Server-Side Request Forgery
Published
2025-11-17
Title
WP Migrate Lite < 2.7.7 - Unauthenticated Blind Server-Side Request Forgery
Published
2024-03-29
Title
Builderall Builder for WordPress < 2.0.2 - Unauthenticated Server-Side Request Forgery
Published
2020-11-30
Title
Canto < 3.0.9 - Unauthenticated Blind SSRF