WordPress Plugin Vulnerabilities

WordPress Download Manager < 3.1.25 - Authenticated File Upload

Description

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. The destination folder is also protected by an .htaccess file affecting the same configurations so this is likely difficult to exploit in the real world.

Affects Plugins

Plugin icon
download-manager
Fixed in 3.1.25

References

CVE
CVE-2021-34639
URL
https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities/

Miscellaneous

Original Researcher
Ramuel Gall
Submitter
Ramuel Gall
Submitter twitter
ramuelgall
Verified
Yes
WPVDB ID
066947e2-cee1-4ae0-9158-a5750f2ac554

Timeline

Publicly Published
2021-07-29 (about 4 years ago)
Added
2021-07-29 (about 4 years ago)
Last Updated
2023-01-24 (about 3 years ago)

Other

Published
Title
Published
2025-01-03
Title
JobBoard Job listing < 1.2.7 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
Xerte Online <= 0.35 - File Upload
Published
2026-02-26
Title
User Frontend < 4.2.9 - Author+ Arbitrary File Upload
Published
2025-08-19
Title
Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload
Published
2023-11-14
Title
Forminator < 1.28.0 - Admin+ Arbitrary File Upload