2 matches found
CVE-2025-1785 Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdmnewfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originall...
CVE-2025-1785 Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdmnewfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originall...