Vulnerability Details CVE-2022-2357
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-2357
-
cpe:2.3:a:wsm_downloader_project:wsm_downloader:1.4.0