CVE-2014-8585
WordPress Download Manager - Unauthenticated Directory Traversal via fname Parameter
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
References (3)
Core References
http://www.securityfocus.com/bid/70764 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98318 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf)
http://packetstormsecurity.com/files/128852/WordPress-Download-Manager-Arbitrary-File-Download.html (Exploit; x_refsource_misc)
Scores
EPSS: 0.0285
EPSS Percentile: 84.9%
Details
CWE: CWE-59
Status: published
Products (50)
w3eden/download_manager: 1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3, 1.4, 1.5
... and 40 more
Published: Nov 04, 2014
Tracked Since: Feb 18, 2026