ThreatPress

WordPress Vulnerabilities Database

WordPress Download Manager Plugin 2.7.2 - Privilege Escalation

Product
Download Manager
Description
The Download Manager plugin is prone to a vulnerability that allows an attacker to take control of every group (change name, description, avatar and settings). In this case, every registered user can update every WordPress option using the basic_settings() function.
Solution
Update to version 2.7.3.
Classification
Type BYPASS
References
Exploit-DB
CVE
Name CVE-2014-9260
Versions
Affected In <= 2.7.2
Fixed In 2.7.3
Disclosure date
2014-11-24
Credits
Kacper Szurek
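
The class of flaw named in the description (a settings handler that any registered user can reach and that writes arbitrary options) is shown below next to a hardened form. This is an added example, not the plugin's code and not part of the original entry; the hook, function and option names are hypothetical, and it assumes the handler is registered as a WordPress AJAX action.

```php
<?php
// Constructed illustration: hook, function and option names are hypothetical,
// not taken from the Download Manager plugin.

// Pattern behind this class of bug: wp_ajax_* hooks run for ANY logged-in
// user, and the handler writes whatever option names the request supplies.
function example_basic_settings_unsafe() {
    foreach ( $_POST as $name => $value ) {
        update_option( $name, $value ); // no capability, nonce or key check
    }
    wp_die();
}

// Hardened form: only these plugin-owned options may ever be written.
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_dm_page_size', 'example_dm_login_msg' );

function example_basic_settings() {
    // 1. Authorization: settings are for administrators only.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF: require a nonce issued for this specific action.
    if ( ! check_ajax_referer( 'example_basic_settings', '_wpnonce', false ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }
    // 3. Allow-list: iterate over known keys, never over request keys, so
    //    core options such as the default role or registration flag stay out of reach.
    foreach ( EXAMPLE_ALLOWED_OPTIONS as $name ) {
        if ( isset( $_POST[ $name ] ) && is_string( $_POST[ $name ] ) ) {
            update_option( $name, sanitize_text_field( wp_unslash( $_POST[ $name ] ) ) );
        }
    }
    wp_send_json_success();
}
// Only the hardened handler is registered.
add_action( 'wp_ajax_example_basic_settings', 'example_basic_settings' );
```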