WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)

Description

WordPress Plugin SS Downloads is prone to cross-site request forgery and information disclosure vulnerabilities. An attacker can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected application, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin SS Downloads version 1.4.3 is vulnerable; prior versions may also be affected.

Remediation

Update to the latest version

References

http://1337day.com/exploits/18530

http://packetstormsecurity.com/files/113431/WordPress-SS-Downloads-1.4.3-Cross-Site-Request-Forgery-File-Disclosure.html

Related Vulnerabilities

Oracle HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)

Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20677)

SharePoint CVE-2021-41344 Vulnerability (CVE-2021-41344)

OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0290)

MySQL CVE-2016-0505 Vulnerability (CVE-2016-0505)

Severity

High

Classification

CWE-352 CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update CSRF Information Disclosure