CVE-2021-34638
WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
We have discovered 26 live websites that are affected by CVE-2021-34638.
Affected Software
| Product |  WordPress Download Manager |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 250 |
| Vulnerable Domains | 26 live websites (<0.1% of WordPress Download Manager install base) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-34638 and the relative popularity of websitesDetails
- Published - Aug 6, 2021
- Updated - Aug 6, 2021
Credits
- Ramuel Gall, Wordfence
CWE
CVE References
CWE References
Countries
 United States | 8 websites |
 Australia | 3 websites |
 France | 2 websites |
 Italy | 2 websites |
 Japan | 2 websites |
 Belgium | 1 websites |
 Brazil | 1 websites |
 Canada | 1 websites |
 Cyprus | 1 websites |
 Czech Republic | 1 websites |
TLDs
| .com | 10 websites |
| .org | 4 websites |
| .it | 2 websites |
| .be | 1 websites |
| .co.jp | 1 websites |
| .com.au | 1 websites |
| .cz | 1 websites |
| .de | 1 websites |
| .fr | 1 websites |
| .jp | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-34638 through included software libraries and plugins.Websites affected by CVE-2021-34638
Top websites that are affected by CVE-2021-34638. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.**********.com |  Singapore | ***,*** | |
| ***.***********.***.au | Australia | *,***,*** | |
| ***********.***.au | Australia | *,***,*** | |
| ***********.**.jp | Japan | *,***,*** | |
| *********.com | United States | *,***,*** | |
| ***.*********.com | Canada | *,***,*** | |
| ***.***********.cz | Czech Republic | **,***,*** | |
| ************.jp | Japan | **,***,*** | |
| ******.***.ls |  Lesotho | **,***,*** | |
| ************.***********.***.au | Australia | **,***,*** |