Description

WordPress Plugin WordPress Download Manager is prone to multiple security bypass vulnerabilities. Attackers can exploit these vulnerabilities to perform otherwise restricted actions and subsequently delete or update otherwise restricted files. WordPress Plugin WordPress Download Manager version 2.6.92 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.6.93 or latest

References

http://secunia.com/advisories/59925/

Related Vulnerabilities

Drupal Improper Input Validation Vulnerability (CVE-2015-3234)

TYPO3 Observable Discrepancy Vulnerability (CVE-2022-36105)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11619)

Oracle Database Server CVE-2010-0901 Vulnerability (CVE-2010-0901)

WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Request Forgery (1.7.8)

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass