Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/04/03 11:6 a.m.8 views

CVE-2025-2048

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

4.1CVSS7.2AI score0.00486EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/04/01 5:43 p.m.5 views

WordPress Lana Downloads Manager plugin < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal vulnerability

Admin+ Arbitrary File Download via Path Traversal vulnerability discovered by Bruno Oliveira - IncludeSecurity in WordPress Plugin Lana Downloads Manager versions 1.10.0...

4.1CVSS9AI score0.00486EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/04/01 6:15 a.m.5 views

CVE-2025-2048

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

4.1CVSS0.00486EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/01 6:0 a.m.6 views

CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

7.1AI score0.00486EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/01 6:0 a.m.16 views

CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

0.00486EPSS
Exploits1References1
Rows per page
Query Builder