WordPress Plugin Vulnerabilities

Download Manager <= 2.7.4 - Code Execution / Remote File Inclusion

Description

The WordPress Download Manager WordPress plugin was affected by a Code Execution / Remote File Inclusion security vulnerability.

Affects Plugins

Plugin icon
download-manager
Fixed in 2.7.5

References

Exploitdb
35533
URL
exploit/unix/webapp/wp_downloadmanager_upload
URL
https://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
b0ac361a-bad1-48f0-9554-3fca6c67054c

Timeline

Publicly Published
2014-12-03 (about 11 years ago)
Added
2014-12-03 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-01-18
Title
AI Engine < 2.1.5 - Editor+ Arbitrary File Upload via add_image_from_url
Published
2023-12-27
Title
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload
Published
2026-03-02
Title
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin < 7.1.0 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload
Published
2026-02-02
Title
Form Maker by 10Web < 1.15.36 - Unauthenticated Stored Cross-Site Scripting via SVG file
Published
2024-01-10
Title
Order Export & Order Import for WooCommerce < 2.4.4 - Shop Manager+ Arbitrary File Upload