WordPress Security: Serious Vulnerability in WordPress Download Manager


December 09, 2014 By Kevin

There is a serious vulnerability in the WordPress Download Manager plugin that allows a remote attacker to upload malicious scripts to your website, gain administrative access and modify passwords.

The vulnerability exists in versions of WordPress Download Manager older than 2.7.5. The Changelog confirms this has been fixed as of version 2.7.5.

The Problem:

WP Download Manager allowed unauthenticated AJAX calls to execute arbitrary functions. This would allow an attacker to upload arbitrary files and perform a variety of other malicious tasks.

What to do:

Upgrade to WordPress Download Manager version 2.7.5, which is the newest version at the time of writing. The author has also confirmed that the newest version of WP Download Manager Pro has been fixed.
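To find sites on a server that still run an affected release, the following added example (not code from Wordfence or the plugin author) reads the plugin's header and compares its version numerically against 2.7.5. It assumes the plugin is installed in `wp-content/plugins/download-manager`; the site tree it scans in the demo is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 7, 5)                # first fixed release named in the advisory
PLUGIN_DIR = "download-manager"  # assumption: default install directory (plugin slug)
FIELD = r"^[ \t/*#@]*%s:\s*(.+?)\s*$"  # header line format WordPress parses

def header_version(php_source):
    """Return the Version: field of a WordPress plugin header, or None."""
    head = php_source[:8192]     # WordPress reads only the first 8 KB for headers
    if not re.search(FIELD % "Plugin Name", head, re.M | re.I):
        return None
    m = re.search(FIELD % "Version", head, re.M | re.I)
    return m.group(1) if m else None

def as_tuple(version):
    """'2.7.4' -> (2, 7, 4). Numeric compare, so 2.7.10 sorts after 2.7.5."""
    nums = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums + [0] * (3 - len(nums)))

def is_outdated(version):
    return as_tuple(version) < FIXED

def scan(wp_root):
    """Return (version, outdated) for the plugin under wp_root, None if absent."""
    plugin = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_DIR
    for php in sorted(plugin.glob("*.php")):
        version = header_version(php.read_text(errors="replace"))
        if version:
            return version, is_outdated(version)
    return None

def make_constructed_site(root, version):
    """Build a minimal fake site tree (constructed sample, not real plugin code)."""
    plugin = Path(root) / "wp-content" / "plugins" / PLUGIN_DIR
    plugin.mkdir(parents=True)
    header = "<?php\n/*\nPlugin Name: WordPress Download Manager\nVersion: %s\n*/\n" % version
    (plugin / "download-manager.php").write_text(header)
    return root

if __name__ == "__main__":
    for v in ("2.7.4", "2.7.5", "2.7.10"):
        with tempfile.TemporaryDirectory() as site:
            print(v, scan(make_constructed_site(site, v)))
```

On a real host, call `scan()` on each WordPress document root. The check covers only the free plugin, since the advisory gives no fixed version number for the Pro edition.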

Please spread the word in the WP community to ensure anyone using this plugin upgrades to the newest version promptly.

Source: http://www.wordfence.com/blog/2014/12/wordpress-security-serious-vulnerability-wordpress-download-manager/
