Multiple Vulnerabilities in WordPress Download Manager Plugin Could Allow Remote Code Execution

ITS Advisory Number: 2014-106
Date(s) Issued: Friday, December 5, 2014
Subject: Multiple Vulnerabilities in WordPress Download Manager Plugin Could Allow Remote Code Execution
Overview: 

Multiple vulnerabilities in the WordPress Download Manager plugin may allow remote code execution. WordPress Download Manager is a file and document management plugin for the WordPress content management system.

Successful exploitation could result in an attacker accessing confidential data or compromising processing resources on a user's computer.

Systems Affected: 
  • WordPress Download Manager Plugin. Versions prior to 2.7.5 are vulnerable.
Risk:

Government:
  • Large and medium government entities: High
  • Small government entities: High
Business:
  • Large and medium business entities: High
  • Small business entities: High
Home Users: Low
Description: 

WordPress Download Manager is prone to multiple vulnerabilities including one that could allow for remote code execution due to a failure to sanitize user-supplied input submitted to the 'execute' parameter of the 'wpdm_ajax_call_exec()' function. A remote file-include vulnerability also exists because it allows the uploading of arbitrary files to the '/file-type-icons/' directory. Specifically, this issue affects the 'wpdm_upload_icon()' function.

Successful exploitation of these vulnerabilities could result in an attacker being able to execute arbitrary code in the context of the web server process or upload arbitrary files. This may allow an attacker access to sensitive information and compromise the application.
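The second issue above is an arbitrary file upload into the plugin's '/file-type-icons/' directory, a location that should only ever hold image files. The script below is an added defender-side example, not code from the advisory or from the plugin: it walks such a directory and flags anything that is not a plausible icon (a script extension anywhere in the file name, an extension outside an image allowlist, raster magic bytes that disagree with the extension, or PHP/script markers inside the content). The image allowlist, the marker list and the sample directory it builds are constructed for the example; adapt the allowlist to what your own upload directory legitimately contains.

```python
"""Integrity check for an upload directory that should contain only icon images.

Added example for this advisory; assumptions: icon directories legitimately hold
PNG/JPEG/GIF/SVG files only, and nothing in them should contain PHP or script tags.
"""
import shutil
import tempfile
from pathlib import Path

# Assumed allowlist of icon formats (adjust to your deployment).
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".svg"}

# Leading bytes expected for each raster format; SVG is text and gets a content check.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}

# Markers that never belong in an image file (compared case-insensitively).
SUSPICIOUS_MARKERS = (b"<?php", b"<?=", b"<script")

# Extensions (any position after the first dot) that the web server may execute.
SCRIPT_EXTENSIONS = {"phtml", "phar"}


def _has_script_extension(name: str) -> bool:
    """True for icon.php, x.php.png, shell.phtml, file.php5 and similar double extensions."""
    parts = name.lower().split(".")[1:]
    return any(p.startswith("php") or p in SCRIPT_EXTENSIONS for p in parts)


def scan_icon_dir(root) -> list:
    """Return (relative_path, reason) for every file that should not be in an icon directory."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if _has_script_extension(path.name):
            findings.append((rel, "script extension"))
            continue
        suffix = path.suffix.lower()
        if suffix not in ALLOWED_SUFFIXES:
            findings.append((rel, "extension not in image allowlist"))
            continue
        head = path.read_bytes()[:4096]
        expected = MAGIC.get(suffix)
        if expected and not head.startswith(expected):
            findings.append((rel, "magic bytes do not match extension"))
            continue
        if any(marker in head.lower() for marker in SUSPICIOUS_MARKERS):
            findings.append((rel, "embedded script marker"))
    return findings


def build_sample_dir() -> Path:
    """Create a constructed icon directory with two legitimate images and three planted files."""
    root = Path(tempfile.mkdtemp(prefix="icons-sample-"))
    (root / "pdf.png").write_bytes(MAGIC[".png"] + b"\x00" * 16)       # genuine PNG header
    (root / "zip.gif").write_bytes(b"GIF89a" + b"\x00" * 16)           # genuine GIF header
    (root / "doc.svg").write_text("<svg xmlns='http://www.w3.org/2000/svg'/>")
    (root / "icon.php").write_text("<?php echo 'not an image'; ?>")    # plain script
    (root / "fake.png").write_text("<?php echo 'disguised'; ?>")       # script with image name
    (root / "x.php.png").write_bytes(MAGIC[".png"])                    # double extension
    return root


if __name__ == "__main__":
    sample = build_sample_dir()
    try:
        for rel, reason in scan_icon_dir(sample):
            print(f"{rel}: {reason}")
    finally:
        shutil.rmtree(sample)
```

Run it against the real icon directory (for example `scan_icon_dir("/var/www/html/wp-content/uploads/file-type-icons")`, path assumed) from a cron job or a file-integrity monitor, and treat any finding as an indicator that the upload restriction has been bypassed. The magic-byte check matters because an extension allowlist alone is what a disguised upload is designed to pass.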

Actions: 

We recommend the following actions be taken:

  • If using the plugin, update to its most current version, 2.7.5.
  • Review and follow WordPress hardening guidelines - http://codex.wordpress.org/Hardening_WordPress
  • Run all software as a non-privileged user with minimal access rights.
  • Ensure that systems are hardened with industry-accepted guidelines.
  • Keep all operating systems, applications and essential software up to date to mitigate potential exploitation by attackers.