CVEs-PoC/2021/CVE-2021-34638.md

### [CVE-2021-34638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34638)
![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Download%20Manager&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.1.24%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-540%20Information%20Exposure%20Through%20Source%20Code&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brightgreen)

### Description

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/20142995/nuclei-templates