WordPress Plugin Vulnerabilities

Download Manager <= 2.7.2 - Privilege Escalation

Description

The WordPress Download Manager WordPress plugin was affected by a Privilege Escalation security vulnerability.

Affects Plugins

Plugin icon
download-manager
Fixed in 2.7.3

References

CVE
CVE-2014-9260
Exploitdb
36301
URL
https://packetstormsecurity.com/files/#130690/
URL
https://security.szurek.pl/wordpress-download-manager-272-privilege-escalation.html

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
8.8 (high)

Miscellaneous

Submitter
Kacper szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
KacperSzurek
Verified
No
WPVDB ID
376c52f7-5ecf-4720-a6c7-29c9693b6e1d

Timeline

Publicly Published
2014-11-24 (about 11 years ago)
Added
2015-03-08 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-07-08
Title
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials
Published
2025-10-08
Title
Search & Go < 2.8 - Authentication Bypass to Privilege Escalation
Published
2024-08-14
Title
MStore API – Create Native Android & iOS Apps On The Cloud < 4.15.3 - Authentication Bypass to Account Takeover
Published
2024-11-05
Title
Heateor Social Login WordPress < 1.1.36 - Authentication Bypass
Published
2018-12-07
Title
Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authenticate REST API Calls