7.2

CVE-2024-13618

Exploit

EPSS 0.11%
Veröffentlicht 25.03.2025 06:00:13
Zuletzt bearbeitet 20.06.2025 15:50:05
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Server-Side Request Forgery

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Mögliche Gegenmaßnahme

Downloable by American Osteopathic Association: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Downloable by American Osteopathic Association

Version *-0.1.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Osteopathic ≫ Downloadable By American Osteopathic Association SwPlatformwordpress Version <= 0.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.299

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/d6a78233-3f23-4da4-9bc0-1439cde20a30/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/c660f356-46af-4d34-af82-ab2a0b74dded

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-13618

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13618

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13618

EUVD