{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000049.html",
  "dc:date": "2024-05-17T13:33+09:00",
  "dcterms:issued": "2024-05-17T13:33+09:00",
  "dcterms:modified": "2024-05-17T13:33+09:00",
  "description": "WordPress Plugin \"Download Plugins and Themes from Dashboard\" provided by WPFactory LLC contains a path traversal vulnerability (CWE-22).\r\n\r\nGen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to WPFactory LLC and coordinated. After the coordination was completed, this case was reported to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer for publishing of this advisory.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000049.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:wpfactory_download_plugins_and_themes_from_dashboard",
    "@product": "Download Plugins and Themes from Dashboard",
    "@vendor": "WPFactory LLC",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.7",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000049",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN85380030/index.html",
      "@id": "JVN#85380030",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-35162",
      "@id": "CVE-2024-35162",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "WordPress Plugin \"Download Plugins and Themes from Dashboard\" vulnerable to path traversal"
}