Description

WordPress Plugin WordPress Download Manager is prone to multiple security bypass vulnerabilities. Attackers can exploit these vulnerabilities to perform otherwise restricted actions and subsequently delete or update otherwise restricted files. WordPress Plugin WordPress Download Manager version 2.6.92 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.6.93 or latest

References

http://secunia.com/advisories/59925/

Related Vulnerabilities

Jenkins Incorrect Authorization Vulnerability (CVE-2023-27903)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5681)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.65)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2329)

WordPress Plugin Social Media Share Buttons & Social Sharing Icons Cross-Site Scripting (2.1.7)

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass