Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:13 p.m.12 views

CVE-2022-2431

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles function found in the /Admin/Menu/Packages.php file that triggers upon download post deletion...

8.8CVSS7.6AI score0.02678EPSS
Exploits2References1
NVD
NVD
added 2022/09/06 6:15 p.m.14 views

CVE-2022-2431

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles function found in the /Admin/Menu/Packages.php file that triggers upon download post deletion...

8.8CVSS0.02678EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2022/09/06 5:18 p.m.12 views

CVE-2022-2431 Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles function found in the /Admin/Menu/Packages.php file that triggers upon download post deletion...

8.1CVSS8.6AI score0.02678EPSS
Exploits2References3
CVE
CVE
added 2022/09/06 5:18 p.m.73 views

CVE-2022-2431

The CVE-2022-2431 issue affects the WordPress Download Manager plugin (versions up to 3.2.50). A validation flaw in deleteFiles() (Packages.php) allows authenticated contributors+ to supply an arbitrary file path via file[files], enabling deletion of critical files such as /wp-config.php upon pos...

8.8CVSS8.6AI score0.02678EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2022/08/04 12:0 a.m.428 views

WordPress Download Manager 3.2.50 Arbitrary File Deletion

Description: Authenticated Contributor+ Arbitrary File Deletion Affected Plugin: Download Manager Plugin Slug: download-manager Plugin Developer: W3 Eden, Inc. Affected Versions: = 3.2.50 CVE ID: CVE-2022-2431 CVSS Score: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

8.6AI score0.02678EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2022/08/03 2:57 p.m.29 views

High Severity Vulnerability Patched in Download Manager Plugin

On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary...

8.8AI score0.02678EPSS
Exploits2
Rows per page
Query Builder