CVE-2024-8031: Secure Downloads < 1.2.3 - Admin+ Arbitrary File Download

Description

The Secure Downloads WordPress plugin before 1.2.3 does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.

Classification

CVE ID: CVE-2024-8031

Problem Types

CWE-552 Files or Directories Accessible to External Parties

Affected Products

Vendor: Unknown

Product: Secure Downloads

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.87% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-13 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8031
https://wpscan.com/vulnerability/c6f54e6f-0a50-424f-ae3a-00b9880d9f13/

Timeline