Security News > 2021 > July > Remote Code Execution Flaws Patched in WordPress Download Manager Plugin
A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns.
Tracked as CVE-2021-34639 and having a CVSS score of 7.5, the bug is an authenticated file upload issue that could have allowed attackers to upload files with php4 extensions, as well as files that could be executed if certain conditions were met.
Specifically, the plugin was found vulnerable to a double extension attack, where a file with multiple extensions could be used to execute code.
Htaccess file in the download directory prevents the execution of uploaded files.
Tracked as CVE-2021-34638, the issue is a directory traversal that could allow a low privileged user "To retrieve the contents of a site's wp-config.php file by adding a new download and performing a directory traversal attack using the file parameter," Wordfence says.
Php file are displayed in the page source when previewing the download. The vulnerability, Wordfence explains, could also be abused for code execution.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-05 | CVE-2021-34639 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. | 8.8 |
2021-08-05 | CVE-2021-34638 | Path Traversal vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | 6.5 |