Download Manager < 3.3.09 – Authenticated (Author+) Path Traversal to Limited File Overwrite | CVE 2025-1785 | Plugin Vulnerabilities

Description

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.

Affects Plugins

download-manager

Fixed in 3.3.09

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

zhuxuan wu

Verified

No

WPVDB ID

9f0c9d8e-5148-4bb6-9ac8-f42595ec7c6a

Timeline

Publicly Published

2025-03-12 (about 1 year ago)

Added

2025-03-12 (about 1 year ago)

Last Updated

2025-03-13 (about 1 year ago)

Other

Published

Title

Published

2025-07-17

Title

School Management System for Wordpress < 1.93.1 (02-07-2025) - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update

Published

2014-08-01

Title

Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local file Inclusion

Published

2014-08-01

Title

Tinymce Thumbnail Gallery < 1.1.0 - download-image.php Local File Inclusion

Published

2025-01-31

Title

Jupiterx Core < 4.8.8 - Authenticated (Contributor+) Arbitrary File Read

Published

2024-02-12

Title

MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion