CVE-2024-13126: Download Manager < 3.3.07 - Unauthenticated Data Exposure

Description

The Download Manager WordPress plugin before 3.3.07 does not prevent directory listing on web servers that do not use .htaccess, allowing unauthorized access to files.

Classification

CVE ID: CVE-2024-13126

Problem Types

CWE-552 Files or Directories Accessible to External Parties

Affected Products

Vendor: Unknown

Product: Download Manager

Nuclei Template

http/cves/2024/CVE-2024-13126.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 1.17% (probability of being exploited)

EPSS Percentile: 76.82% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-14 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-13126
https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/

Timeline