ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Download Manager 2.7.4 - Remote Code Execution

Product
Download Manager
Description
Download Manager plugin is prone to a remote code execution vulnerability via "/download-manager/wpdm-core.php". It allows attackers to execute arbitrary PHP code.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.7.4
Fixed In 2.7.5
Disclosure date
2014-12-15
Credits
Claudio Viviani