CVE Vulnerabilities

CVE-2024-13618

Published: Mar 25, 2025 | Modified: Jun 20, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Affected Software

Name Vendor Start Version End Version
Downloadable_by_american_osteopathic_association Osteopathic * 0.1.0 (including)

References