CVE-2017-2217

MEDIUM

WordPress Download Manager <2.9.51 - Open Redirect

Title source: llm
STIX 2.1

Description

Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

References (3)

Core 3
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/1650075/
Third Party Advisory third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN79738260/index.html
Patch, Vendor Advisory x_refsource_confirm
https://wordpress.org/plugins/download-manager/#developers

Scores

CVSS v3 6.1
EPSS 0.0148
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (2)
W3 Eden, Inc./WordPress Download Manager prior to version 2.9.51
w3eden/download_manager < 2.9.50
Published Jul 07, 2017
Tracked Since Feb 18, 2026