5 matches found
CVE-2025-10747
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2025-10747 WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2025-10747 WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
WordPress WP-DownloadManager plugin <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated Admin+ Arbitrary File Upload vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.68.11...
WordPress WP-DownloadManager plugin <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Jamshed Yergashvoyev CVE Guy in WordPress Plugin WP-DownloadManager versions = 1.68.10...