CVE-2024-35629 | Wow-Company Easy Digital Downloads Plugin up to 1.0.2 on WordPress filename control

Posted by Angelo Barbosa | Jun 4, 2024 | CVE

A vulnerability classified as critical has been found in Wow-Company Easy Digital Downloads Plugin up to 1.0.2 on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is traded as CVE-2024-35629. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-35629 | Wow-Company Easy Digital Downloads Plugin up to 1.0.2 on WordPress filename control

Related Posts

CVE-2024-23321 | Apache RocketMQ up to 5.2.0 information disclosure

CVE-2024-5452 | lightning-ai pytorch-lightning dynamically-determined object attributes

CVE-2024-23310 | Biosig libbiosig 2.5.0 Famos File sopen_FAMOS_read use after free (TALOS-2024-1923)

CVE-2024-6555 | WP Popups Plugin up to 2.2.0.1 on WordPress information disclosure