{"vulnerability": "CVE-2021-34638", "sightings": [{"uuid": "344eb8f4-9806-4728-9764-74e29c6703bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34638", "type": "seen", "source": "https://t.me/cibsecurity/26896", "content": "\u203c CVE-2021-34638 \u203c\n\nAuthenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:36.000000Z"}]}