Lucene search
K

6 matches found

NVD
NVD
added 2025/04/19 8:15 a.m.15 views

CVE-2025-3404

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...

8.8CVSS0.00962EPSS
Exploits0References3
Circl
Circl
added 2025/04/19 8:2 a.m.7 views

CVE-2025-3404

creationtimestamp| type| source ---|---|--- 2025-04-19 08:02:08+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12577 2025-04-19 08:39:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctubwh2h 2025-04-19 09:02:35+00:00| seen|...

8.8CVSS7.3AI score0.00962EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/19 7:23 a.m.22 views

CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...

8.8CVSS0.00962EPSS
Exploits0References3
CVE
CVE
added 2025/04/19 7:23 a.m.83 views

CVE-2025-3404

CVE-2025-3404 : WordPress Download Manager plugin (versions up to 3.3.12) allows an Authenticated user with Author+ privileges to delete arbitrary server files due to insufficient file-path validation in savePackage. Reported impact includes potential remote code execution if critical files (e.g....

8.8CVSS8.9AI score0.00962EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/19 7:23 a.m.6 views

CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...

8.8CVSS8.9AI score0.00962EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/04/19 12:15 a.m.6 views

WordPress Download Manager plugin <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by WordFence in WordPress Plugin Download Manager versions = 3.3.12...

8.8CVSS8.4AI score0.00962EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder