Skip to content
Nuclei Templates

WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure

ID: CVE-2024-13126

Severity: medium

Author: ritikchaddha

Tags: cve,cve2024,wp,wordpress,wp-plugin,directory-listing,download-manager

Description

Section titled “Description”

The WordPress Download Manager plugin before version 3.3.07 does not prevent directory listing on web servers that don’t use htaccess, allowing unauthorized access to files stored in the download-manager-files directory.

YAML Source

Section titled “YAML Source”
id: CVE-2024-13126


info:
  name: WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
  author: ritikchaddha
  severity: medium
  description: |
    The WordPress Download Manager plugin before version 3.3.07 does not prevent directory listing on web servers that don't use htaccess, allowing unauthorized access to files stored in the download-manager-files directory.
  remediation: |
    Update the WordPress Download Manager plugin to version 3.3.07 or later.
  reference:
    - https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/
    - https://research.cleantalk.org/cve-2024-13126/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-13126
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-13126
    cwe-id: CWE-552
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="wp-content/plugins/download-manager/"
    google-query: inurl:"/wp-content/plugins/download-manager/"
    shodan-query: html:"wp-content/plugins/download-manager/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,directory-listing,download-manager


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/download-manager-files/"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Index of /wp-content/uploads/download-"
          - "Last modified"
        condition: and
        case-insensitive: true


      - type: status
        status:
          - 200
# digest: 490a004630440220091e8909c3aeb88fe69224bac78ce561aa2cb34508b7c612787e9634023425b102205366facbb83835854416e514cc6a442974d308784753cf62b07bc73959e47c6d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-13126.yaml"

View on Github