Description

WordPress Plugin WordPress Download Manager is prone to multiple security bypass vulnerabilities. Attackers can exploit these vulnerabilities to perform otherwise restricted actions and subsequently delete or update otherwise restricted files. WordPress Plugin WordPress Download Manager version 2.6.92 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.6.93 or latest

References

http://secunia.com/advisories/59925/

Related Vulnerabilities

Oracle Database Server CVE-2010-2411 Vulnerability (CVE-2010-2411)

WordPress Plugin MaxBlogPress Max Banner Ads Cross-Site Scripting (1.9)

Joomla! Core 3.9.x CSV Injection (3.9.0 - 3.9.6)

Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642)

MODX Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-25911)

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass