WordPress Download Manager Plugin Remote Code Execution and Remote File Include Vulnerabilities

Download Manager plugin for WordPress is prone to a remote code-execution vulnerability and a remote file-include vulnerability.

An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the web server process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

Versions prior to Download Manager 2.7.5 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus