[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-26965":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":50,"name":51,"published":52,"updated":34},26965,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},2,"Nuclei",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":43,"epss_score":44,"epss_percentile":45,"cve":46,"in_cisa_catalog":48,"date":49,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"medium","Unauthenticated attackers can access sensitive files stored in the download-manager-files directory due to directory listing, potentially exposing confidential documents or data.","The WordPress Download Manager plugin before version 3.3.07 does not prevent directory listing on web servers that don't use htaccess, allowing unauthorized access to files stored in the download-manager-files directory.","Update the WordPress Download Manager plugin to version 3.3.07 or later.",[40,41,42],"https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/","https://research.cleantalk.org/cve-2024-13126/","https://nvd.nist.gov/vuln/detail/CVE-2024-13126",5.3,0.00607,0.69619,[47],"CVE-2024-13126",false,"2025-03-16T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2024-13126","WordPress Download Manager \u003C 3.3.07 - Unauthenticated Data Exposure","2025-04-05T00:00:00Z"]