Description
WordPress Plugin Download Manager is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Download Manager version 3.2.50 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.51 or latest
References
Related Vulnerabilities
WordPress Plugin WooCommerce Cross-Seller Unspecified Vulnerability (1.0.2)
WordPress Plugin simpleSAMLphp Authentication Cross-Site Scripting (0.7.0)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)
OpenSSL Key Management Errors Vulnerability (CVE-2018-0732)
Oracle Database Server CVE-2008-0343 Vulnerability (CVE-2008-0343)