The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.
CVE ID: CVE-2024-8031
Vendor: Unknown
Product: Secure Downloads
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 10.87% (scored less or equal to compared to others)
EPSS Date: 2025-06-13 (when was this score calculated)