4 matches found
CVE-2022-2926
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory...
CVE-2022-2926
creationtimestamp| type| source ---|---|--- 2022-09-26 16:22:01+00:00| seen| https://t.me/cibsecurity/50478 2025-05-21 16:41:34+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17141...
CVE-2022-2926 Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory...
CVE-2022-2926
CVE-2022-2926 affects the WordPress Download Manager plugin, specifically versions before 3.2.55. The vulnerability arises from a lack of validation in one plugin setting, enabling high-privilege users (e.g., admins) to list and read arbitrary files and folders outside the blog directory via path...