Security Advisory

CVE-2024-8031

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-15 20:07:12

Last updated 2025-05-17 03:24:49

Assigner WPScan

State PUBLISHED

Description

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

← Browse all CVEs View on cve.org ↗