CVE-2024-13617

Publication date

2025-03-25 06:00:13

Family

WPScan

State

PUBLISHED

Description

The aoa-downloadable WordPress plugin through 0.1.0 doesnt validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server