SecuritySpace - CVE-2020-24312

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2020-24312

Description: mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-24312
https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/

CVE ID:	CVE-2020-24312
Description:	mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2020-24312 https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/