Vulnerabilities > CVE-2014-9260 - Unspecified vulnerability in W3Eden Download Manager

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
w3eden
exploit available

Summary

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.

Vulnerable Configurations

Part Description Count
Application
W3Eden
108

Exploit-Db

descriptionWordPress Download Manager 2.7.2 - Privilege Escalation. CVE-2014-9260. Webapps exploit for php platform
idEDB-ID:36301
last seen2016-02-04
modified2014-11-24
published2014-11-24
reporterKacper Szurek
sourcehttps://www.exploit-db.com/download/36301/
titleWordPress Download Manager 2.7.2 - Privilege Escalation

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/130690/wpdownloadmanager272-escalate.txt
idPACKETSTORM:130690
last seen2016-12-05
published2015-03-06
reporterKacper Szurek
sourcehttps://packetstormsecurity.com/files/130690/WordPress-Download-Manager-2.7.2-Privilege-Escalation.html
titleWordPress Download Manager 2.7.2 Privilege Escalation