Description

WordPress Plugin WordPress Download Manager is prone to multiple security bypass vulnerabilities. Attackers can exploit these vulnerabilities to perform otherwise restricted actions and subsequently delete or update otherwise restricted files. WordPress Plugin WordPress Download Manager version 2.6.92 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.6.93 or latest

References

http://secunia.com/advisories/59925/

Related Vulnerabilities

WordPress Plugin WP Security Safe Cross-Site Request Forgery (2.2.2)

Django Insufficiently Protected Credentials Vulnerability (CVE-2018-16984)

ownCloud Improper Authentication Vulnerability (CVE-2016-9463)

WordPress 5.6.x Prototype Pollution (5.6 - 5.6.7)

Django Resource Management Errors Vulnerability (CVE-2015-5145)

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass