6 matches found
CVE-2025-3404
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...
CVE-2025-3404
creationtimestamp| type| source ---|---|--- 2025-04-19 08:02:08+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12577 2025-04-19 08:39:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctubwh2h 2025-04-19 09:02:35+00:00| seen|...
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...
CVE-2025-3404
CVE-2025-3404 : WordPress Download Manager plugin (versions up to 3.3.12) allows an Authenticated user with Author+ privileges to delete arbitrary server files due to insufficient file-path validation in savePackage. Reported impact includes potential remote code execution if critical files (e.g....
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...
WordPress Download Manager plugin <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated Author+ Arbitrary File Deletion vulnerability discovered by WordFence in WordPress Plugin Download Manager versions = 3.3.12...