cleantalk
Vulnerabilities and Security Researches

WP-DownloadManager, CVE-2025-10747

CVE, Research URL

CVE-2025-10747

Home page URL

Security reports for WP-DownloadManager

Application

WP-DownloadManager

Published on
Sep 26, 2025
Research Description
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.69.
Status
vulnerable
Previous vulnerability researches
eHive Account Details (5a1ac2bfb25451558629aa1cce94249ff4f9b6f4) , Jun 07, 2024
eHive Account Details (CVE-2013-6837) , Jun 07, 2024
New vulnerability
Whydonate – FREE Donate button – Crowdfunding – Fundraising (CVE-2025-10186) , Nov 11, 2025
Whydonate – FREE Donate button – Crowdfunding – Fundraising (CVE-2025-49899) , Nov 11, 2025
WP Popup Builder – Popup Forms and Marketing Lead Generation (CVE-2025-62902) , Nov 11, 2025
WP Tactical Popup (CVE-2025-58921) , Nov 11, 2025
LMB^Box Smileys (CVE-2025-12400) , Nov 11, 2025