Description
WordPress Plugin WordPress Download Manager is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WordPress Download Manager version 2.6.95 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)
WordPress Plugin Discount Rules for WooCommerce Multiple Vulnerabilities (2.0.2)
WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)
WordPress Plugin Swipe Checkout for Jigoshop Cross-Site Scripting (3.1.0)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2005-3357)