Published: 06/09/2022 Updated: 09/09/2022

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by malicious users to delete the /wp-config.php file which will reset the installation and make it possible for an malicious user to achieve remote code execution on the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wpdownloadmanager wordpress download manager

WordPress Download Manager plugin versions 3250 and below suffer from an arbitrary file deletion vulnerability ...

CWE-610 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2762092%40download-manager&new=2762092%40download-manager&sfp_email=&sfph_mail=https://packetstormsecurity.com/files/167920/wpdownloadmanager3250-filedelete.txt https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin/https://nvd.nist.gov https://packetstormsecurity.com/files/167920/WordPress-Download-Manager-3.2.50-Arbitrary-File-Deletion.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-2431

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect