CVE-2021-34638
WordPress Download Manager <= 3.1.24 Authenticated Directory TraversalAuthenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
We have discovered 26 live websites that are affected by CVE-2021-34638.
Contact us to get more info
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-34638 and the relative popularity of websites