Skip to main content

WordPress Download Manager Security Bypass Vulnerability

Last Update Date: 19 Dec 2014 10:47 Release Date: 19 Dec 2014 4070 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability has been identified in the Download Manager plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.

This vulnerability is caused due to the plugin not properly restricting access to certain administrative functionality, which can be exploited to perform otherwise restricted actions and subsequently e.g. execute arbitrary PHP code.


Impact

  • Security Restriction Bypass

System / Technologies affected

 WordPress Download Manager 2.x


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.7.5

Vulnerability Identifier

  • No CVE information is available

Related Link