Description
The WordPress Download Manager plugin for WordPress is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker who exploits this issue can obtain sensitive information that could aid in further attacks. Version 2.6.95 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified, or disable the plugin until a fix is available.
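One way to perform the input verification described above, as an added example that is not the plugin's own code: the function name `resolve_download_path`, its parameters and the demo file names are hypothetical, since this entry does not name the affected parameter. It canonicalizes the requested path and accepts it only if the result stays inside the download directory.

```php
<?php
// Added example: hypothetical helper, not code from the plugin.
// $baseDir is the only directory downloads may come from; $requested is
// the user-supplied file name (assumed names, not taken from the plugin).

function resolve_download_path(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // realpath() collapses "../", "./" and symlinks, and returns false
    // when the target does not exist.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Compare against the base plus a trailing separator so that a sibling
    // such as "/srv/files-old" cannot pass as being inside "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed demo data: one file inside the download root, one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . uniqid();
mkdir($root . DIRECTORY_SEPARATOR . 'files', 0700, true);
file_put_contents($root . '/files/report.pdf', 'public');
file_put_contents($root . '/secret.txt', 'private');

$inputs = ['report.pdf', '../secret.txt', 'sub/../../secret.txt', "report.pdf\0.txt"];
foreach ($inputs as $input) {
    $resolved = resolve_download_path($root . '/files', $input);
    printf("%-28s => %s\n", json_encode($input), $resolved === null ? 'rejected' : 'served');
}
```

The check runs on the canonical path rather than on the raw string, so encoded or nested traversal sequences that survive string filtering are still caught once the filesystem resolves them.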