ThreatPress

WordPress Vulnerabilities Database

WordPress Download Manager Plugin - Arbitrary File Download

Product
Download Manager
Description
This vulnerability allows attackers to read arbitrary files via the "fname" parameter to views/file_download.php or file_download.php.
Solution
Update the plugin.
Classification
Type Arbitrary File Download
References
CVE Mitre
CVE
Name CVE-2014-8585
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2014-11-04
Credits
Hugo Santiago dos Santos