WordPress Plugin WordPress Download Manager Security Bypass (2.7.2)

Description
  • WordPress Plugin WordPress Download Manager is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update every WordPress options by using "basic_settings()" function which may lead to the creation of a new account with administrative privileges. WordPress Plugin WordPress Download Manager version 2.7.2 is vulnerable; prior versions may also be affected.
Remediation
  • Update to plugin version 2.7.3 or latest
References