Vulnerability Details CVE-2024-13618
The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.1%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2024-13618
-
cpe:2.3:a:osteopathic:downloadable_by_american_osteopathic_association:*