Download Manager <= 2.7.2 - Privilege Escalation

Affects Plugin

fixed in version 2.7.3

References

CVE 2014-9260
ExploitDB 36301
PacketStorm 130690
URL http://security.szurek.pl/wordpress-download-manager-272-privilege-escalation.html

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Kacper szurek
Submitter Website http://security.szurek.pl/
Submitter Twitter KacperSzurek
Views 4204
Verified No
WPVDB ID 7827

Timeline

Publicly Published 2014-11-24 (over 5 years ago)
Added 2015-03-08 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin