CVE-2020-24141
Description
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application. It can help identify open ports, local network hosts and execute command on services
VulnerabilityType Other
Server-side request forgery
Vendor of Product
Lester Chan
Affected Product Code Base
Wordpress Plugin - WP-DownloadManager - 1.68.4
Attack Type
Remote
Impact Denial of Service
true
Impact Information Disclosure
true
Reference
- http://lester.com
- http://wordpress.com
- https://github.com/secwx/research/blob/main/cve/CVE-2020-24141.md
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Suzhou Aurora Infinity Information Technology Co., Ltd.