cleantalk
Vulnerabilities and Security Researches

Download Manager, CVE-2025-1785

CVE, Research URL

CVE-2025-1785

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
Mar 13, 2025
Research Description
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
Affected versions
Min -, max 3.3.09.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager – Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager – Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager – Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager – Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
Clearout Email Validator – Real Time Email Validation on WordPress Forms (CVE-2025-30789) , Mar 28, 2025
Order Status Rules for WooCommerce (CVE-2025-30781) , Mar 28, 2025
Product Catalog – Catalog for WordPress (CVE-2025-30524) , Mar 28, 2025
Chatbox Manager (CVE-2025-30790) , Mar 28, 2025
Translate Multilingual sites – TranslatePress (CVE-2025-30773) , Mar 28, 2025