WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Download Manager <= 2.7.2 - Privilege Escalation

Description

The WordPress Download Manager WordPress plugin was affected by a Privilege Escalation security vulnerability.

Affects Plugins

download-manager
Fixed in version 2.7.3

References

CVE
CVE-2014-9260
URL
https://security.szurek.pl/wordpress-download-manager-272-privilege-escalation.html
URL
https://packetstormsecurity.com/files/130690/
ExploitDB
36301

Classification

Type

AUTHBYPASS

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Submitter

Kacper szurek

Submitter website
http://security.szurek.pl/
Submitter twitter
KacperSzurek
Verified

No

WPVDB ID
376c52f7-5ecf-4720-a6c7-29c9693b6e1d

Timeline

Publicly Published

2014-11-24 (about 8 years ago)

Added

2015-03-08 (about 7 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin