cleantalk
Vulnerabilities and Security Researches

Lana Downloads Manager, CVE-2025-2048

CVE, Research URL

CVE-2025-2048

Home page URL

Security reports for Lana Downloads Manager

Application

Lana Downloads Manager

Published on
Apr 01, 2025
Research Description
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server
Affected versions
Min -, max 1.10.0.
Status
vulnerable
Previous vulnerability researches
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025
Lana Downloads Manager (CVE-2022-2392) , Jun 07, 2024
Lana Downloads Manager (CVE-2025-2048) , Apr 03, 2025
New vulnerability
WP Register Profile With Shortcode (CVE-2025-4593) , Jul 13, 2025
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025