WP-Safety
CVE-2016-10924

Zedna eBook download < 1.2 - Directory Traversal

highImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
7.5
CVSS Score
7.5
CVSS Score
high
Severity
1.2
Patched in
2856d
Time to patch

Description

The ebook-download plugin before 1.2 for WordPress has directory traversal via ebookdownloadurl parameter.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
High
Confidentiality
None
Integrity
None
Availability

Technical Details

Affected versions<1.2
PublishedMarch 29, 2016
Last updatedJanuary 22, 2024
Affected pluginebook-download
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/07aee46a-a32d-4d31-9541-4e183299b09c?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database