Lucene search
+L

4 matches found

NVD
NVD
added 2021/08/05 9:15 p.m.24 views

CVE-2021-34639

Authenticated File Upload in WordPress Download Manager = 3.1.24 allows authenticated Author+ users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions...

8.8CVSS0.0058EPSS
Exploits0References1
CVE
CVE
added 2021/08/05 8:18 p.m.85 views

CVE-2021-34639

CVE-2021-34639 affects WordPress Download Manager plugin for WordPress, versions

8.8CVSS8AI score0.0058EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/05 8:18 p.m.36 views

CVE-2021-34639 WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload

Authenticated File Upload in WordPress Download Manager = 3.1.24 allows authenticated Author+ users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions...

7.5CVSS8.7AI score0.0058EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2021/07/29 4:13 p.m.34 views

Multiple Vulnerabilities Patched in WordPress Download Manager

On May 4, 2021, the Wordfence Threat Intelligence Team initiated the responsible disclosure process for WordPress Download Manager, a WordPress plugin installed on over 100,000 sites. We found two separate vulnerabilities, including a sensitive information disclosure as well as a file upload...

6.5CVSS0.6AI score0.01331EPSS
Exploits1
Rows per page
Query Builder