Description
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b
Scores
CVSS v3
6.5
EPSS
0.0086
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (1)
lana/lana_downloads_manager
< 1.8.0
Published
Aug 22, 2022
Tracked Since
Feb 18, 2026