Description
WordPress Plugin Downloads Manager is prone to a vulnerability that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied input. Successfully exploiting this issue will allow attackers to upload and execute arbitrary PHP code within the context of the webserver process. This may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Downloads Manager version 0.2 is vulnerable; other versions may also be affected.
Remediation
Update the plugin to the latest version.
References
http://www.securityfocus.com/bid/30365/exploit
http://www.exploit-db.com/exploits/6127/
http://packetstormsecurity.com/files/view/68478/wordpressdm-upload.txt