CVE-2025-4799
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-07-09
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp-downloadmanager_project | wp-downloadmanager | to 1.68.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-36 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WP-DownloadManager WordPress plugin allows authenticated users with Administrator-level access or higher to delete arbitrary files on the server. This happens because the plugin does not restrict the directories from which files can be deleted, enabling attackers to remove critical files such as wp-config.php. Deleting such files can lead to remote code execution, compromising the server. This issue affects all versions up to and including 1.68.10 and was fixed in version 1.68.11 by enforcing that the download path must reside within the wp-content directory. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized deletion of important server files, which can disrupt website functionality or lead to complete site compromise. Specifically, deleting critical files like wp-config.php can allow attackers to execute remote code on the server, potentially gaining full control over the WordPress installation and underlying system. This can result in data loss, service downtime, and further exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your WordPress installation is running the WP-DownloadManager plugin version 1.68.10 or earlier. Since the vulnerability requires authenticated Administrator-level access to delete arbitrary files, monitoring for suspicious file deletion activities or unexpected changes to critical files like wp-config.php can help detect exploitation attempts. You can check the plugin version via the WordPress admin dashboard or by running a command on your server to find the plugin version, for example: `grep 'Version:' wp-content/plugins/wp-downloadmanager/readme.txt` or inspecting the plugin header in `wp-content/plugins/wp-downloadmanager/wp-downloadmanager.php`. Additionally, reviewing web server logs for POST requests to the plugin's file deletion endpoints or unusual admin actions may help detect exploitation. There are no specific network commands provided in the resources, but monitoring file system changes and plugin versions is recommended. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the WP-DownloadManager plugin to version 1.68.11 or later, which includes a security fix that restricts the download path to the wp-content directory, preventing arbitrary file deletion outside this safe directory. This update enforces validation of the download path and mitigates directory traversal and unauthorized file deletion risks. Additionally, ensure that only trusted users have Administrator-level access to your WordPress site, and monitor file permissions and access controls to limit potential exploitation. [1]