78 matches found
CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
CVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
CVE-2026-2426 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
Authenticated Administrator+ Path Traversal to Arbitrary File Read via 'downloadpath' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.69...
EUVD-2020-16877
Malware in sbrugna...
EUVD-2013-2636
Malware in sbrugna...
EUVD-2022-30266
Malicious code in bioql PyPI...
EUVD-2021-31575
Malicious code in bioql PyPI...
EUVD-2022-30265
Malicious code in bioql PyPI...
EUVD-2024-42377
Malicious code in bioql PyPI...
EUVD-2024-45999
Malicious code in bioql PyPI...
CVE-2025-10747
CVE-2025-10747 - WP-DownloadManager (WordPress) is validated by Wordfence as an authenticated, high-severity vulnerability: missing file-type validation in download-add.php allows an Administrator+ attacker to upload arbitrary files on the server, potentially enabling remote code execution. Affec...
PT-2025-39512
Name of the Vulnerable Software and Affected Versions WP-DownloadManager plugin for WordPress versions prior to 1.68.12 Description The WP-DownloadManager plugin for WordPress is susceptible to unrestricted file uploads because of a lack of file type validation within the download-add.php file...
CVE-2025-4799
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above,...
CVE-2025-4799 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above,...
CVE-2025-4799
The CVE-2025-4799 entry concerns the WordPress WP-DownloadManager plugin (versions
CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...