Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. “payload.php.png” which is executable in some configurations. The destination folder is also protected by an .htaccess file affecting the same configurations so this is likely difficult to exploit in the real world.
CPE | Name | Operator | Version |
---|---|---|---|
download-manager | lt | 3.1.25 |