Multiple vulnerabilities in the WordPress Download Manager plugin may allow remote code execution. WordPress Download Manager is a file and document management plugin for the WordPress content management system.
Successful exploitation could result in an attacker accessing confidential data or compromising processing resources on a user's computer.
- WordPress Download Manager Plugin. Versions prior to 2.7.5 are vulnerable.
WordPress Download Manager is prone to multiple vulnerabilities including one that could allow for remote code execution due to a failure to sanitize user-supplied input submitted to the 'execute' parameter of the 'wpdm_ajax_call_exec()' function. A remote file-include vulnerability also exists because it allows the uploading of arbitrary files to the '/file-type-icons/' directory. Specifically, this issue affects the 'wpdm_upload_icon()' function.
Successful exploitation of these vulnerabilities could result in an attacker being able to execute arbitrary code in the context of the web server process or upload arbitrary files. This may allow an attacker access to sensitive information and compromise the application.
We recommend the following actions be taken:
- If using the plugin, update to its most current version, 2.7.5.
- Review and follow WordPress hardening guidelines - http://codex.wordpress.org/Hardening_WordPress Run all software as a non-privileged user with minimal access rights.
- Ensure that systems are hardened with industry-accepted guidelines.
- Keep all operating systems, applications and essential software up to date to mitigate potential exploitation by attackers.