WordPress Plugin Vulnerabilities

CM Download Manager < 3.0.0 - Unauthenticated Arbitrary File Deletion

Description

The CM Download Manager – Simplify file sharing with powerful download management plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletescreenshot() function in all versions up to, and including, 2.9.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Affects Plugins

Plugin icon
cm-download-manager
Fixed in 3.0.0

References

CVE
CVE-2025-30910
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/41fd12b8-8269-484e-a137-a2c9341b27fe

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
9.1 (critical)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
e38ebd1b-6eca-4521-bce5-cdab6d033965

Timeline

Publicly Published
2025-03-27 (about 11 months ago)
Added
2025-04-02 (about 11 months ago)
Last Updated
2025-04-02 (about 11 months ago)

Other

Published
Title
Published
2025-02-24
Title
Pie Register Premium < 3.8.3.3 - Authenticated (Subscriber+) Limited File Deletion
Published
2025-08-24
Title
Custom Query Shortcode < 0.5.0 - Authenticated (Contributor+) Path Traversal via lens Parameter
Published
2016-07-10
Title
Ultimate Member < 1.3.65 - Local File Inclusion
Published
2024-02-12
Title
MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion
Published
2024-06-13
Title
Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload