cvedb.io
CVE-2021-34638
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2021-08-05T21:15:12.307 · Last modified 2026-06-17T03:56:16.753

Summary

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.

Affected products

w3eden — download_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when w3eden ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.