{
  "id": "CVE-2024-35162",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2024-05-22T06:15:12.570",
  "lastModified": "2024-05-22T12:46:53.887",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with \"switch_themes\" privilege may obtain arbitrary files on the server."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de Path traversal existe en las versiones de Download Plugins and Themes from Dashboard anteriores a la 1.8.6. Si se explota esta vulnerabilidad, un atacante remoto autenticado con privilegio \"switch_themes\" puede obtener archivos arbitrarios en el servidor."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://jvn.jp/en/jp/JVN85380030/",
      "source": "vultures@jpcert.or.jp"
    },
    {
      "url": "https://wordpress.org/plugins/download-plugins-dashboard/",
      "source": "vultures@jpcert.or.jp"
    }
  ]
}