WordPress Download Manager Security Bypass Vulnerability
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability has been identified in the Download Manager plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.
This vulnerability is caused by the plugin not properly restricting access to certain administrative functionality, which can be exploited to perform otherwise restricted actions and subsequently, for example, execute arbitrary PHP code.
Impact
- Security Restriction Bypass
System / Technologies affected
WordPress Download Manager 2.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 2.7.5
Vulnerability Identifier
- No CVE information is available
Related Links
- http://secunia.com/advisories/62641
- http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html
- https://plugins.trac.wordpress.org/changeset/1035803/download-manager/trunk/wpdm-core.php?old=1032299&old_path=download-manager%2Ftrunk%2Fwpdm-core.php
- https://wordpress.org/plugins/download-manager/changelog/