Security Advisory

CVE-2024-13618

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-25 06:00:13
Last updated 2025-03-25 14:17:37
Assigner WPScan
State PUBLISHED

Description

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.