cleantalk
Vulnerabilities and Security Researches

Download Manager, CVE-2025-1785

CVE, Research URL: CVE-2025-1785

Application: Download Manager

Published on: Mar 13, 2025

Research Description

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.

Affected versions: Min -, max 3.3.09.

Status: vulnerable