Security News > 2021 > July > Remote Code Execution Flaws Patched in WordPress Download Manager Plugin

A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns.

Tracked as CVE-2021-34639 and having a CVSS score of 7.5, the bug is an authenticated file upload issue that could have allowed attackers to upload files with php4 extensions, as well as files that could be executed if certain conditions were met.

Specifically, the plugin was found vulnerable to a double extension attack, where a file with multiple extensions could be used to execute code.

Htaccess file in the download directory prevents the execution of uploaded files.

Tracked as CVE-2021-34638, the issue is a directory traversal that could allow a low privileged user "To retrieve the contents of a site's wp-config.php file by adding a new download and performing a directory traversal attack using the file parameter," Wordfence says.

Php file are displayed in the page source when previewing the download. The vulnerability, Wordfence explains, could also be abused for code execution.

News URL

http://feedproxy.google.com/~r/securityweek/~3/WX2AG7WdPd8/remote-code-execution-flaws-patched-wordpress-download-manager-plugin