Multiple Vulnerabilities Patched in WordPress Download Manager

The WordFence team found two separate vulnerabilities, including a sensitive information disclosure as well as a file upload vulnerability which could have resulted in Remote Code Execution in some configurations.

A patched version of the WP Download Manager plugin was released within days of disclosure.

Original article: https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities/

Posted in Vulnerability.