Description
WordPress Plugin Download Manager is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Download Manager version 3.2.54 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.55 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:2A440E1A-A7E4-4106-839A-D93895E16785
https://plugins.svn.wordpress.org/download-manager/trunk/readme.txt
Related Vulnerabilities
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5090)
Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25)
Oracle Database Server CVE-2013-1554 Vulnerability (CVE-2013-1554)
WordPress Plugin Captchinoo, Google recaptcha for admin login page Cross-Site Request Forgery (2.4)