4 matches found
CVE-2021-34639
Authenticated File Upload in WordPress Download Manager = 3.1.24 allows authenticated Author+ users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions...
CVE-2021-34639
CVE-2021-34639 affects WordPress Download Manager plugin for WordPress, versions
CVE-2021-34639 WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload
Authenticated File Upload in WordPress Download Manager = 3.1.24 allows authenticated Author+ users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions...
Multiple Vulnerabilities Patched in WordPress Download Manager
On May 4, 2021, the Wordfence Threat Intelligence Team initiated the responsible disclosure process for WordPress Download Manager, a WordPress plugin installed on over 100,000 sites. We found two separate vulnerabilities, including a sensitive information disclosure as well as a file upload...