CVE-2025-1785

Published Mar 13, 2025

Last updated 23 days ago

CVSS medium 5.4

Overview

Description
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2025-1785 The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it… https://t.co/qIe1J1ke2D

    @CVEnew

    13 Mar 2025

    473 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References