CVE-2019-25727
Deferred Deferred - Pending Action
Arbitrary File Download in WordPress Plugin Ad Manager WD 1.0.11

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: VulnCheck

Description
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-25
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2019-25727
EUVD
EUVD-2019-20163
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wd ad_manager 1.0.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The WordPress Plugin ad manager wd version 1.0.11 contains an arbitrary file download vulnerability. This flaw allows unauthenticated attackers to download sensitive files by manipulating the 'path' parameter in a GET request to the 'edit.php' endpoint with 'export=export_csv'. By crafting a malicious URL, attackers can read and download files such as the WordPress configuration file (wp-config.php) that are accessible to the web server.

Compliance Impact

This vulnerability allows unauthenticated attackers to download sensitive files such as wp-config.php by exploiting an arbitrary file download flaw in the WordPress Plugin ad manager wd 1.0.11.

Access to sensitive files could lead to exposure of confidential information, which may result in non-compliance with data protection regulations such as GDPR or HIPAA that require safeguarding personal and sensitive data.

Organizations using the affected plugin could face risks related to unauthorized data disclosure, potentially violating regulatory requirements for data confidentiality and security.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to download sensitive files without authentication. Access to files like wp-config.php can expose database credentials and other critical configuration details, potentially leading to full site compromise, data breaches, and unauthorized access to the WordPress installation.

Detection Guidance

This vulnerability can be detected by attempting to access sensitive files through crafted GET requests targeting the vulnerable endpoint.

A typical command to test for this vulnerability involves sending a GET request to the edit.php endpoint with the parameters export=export_csv and a malicious path parameter pointing to a sensitive file such as wp-config.php.

For example, using curl from a terminal, you can run:

  • curl -i "http://<target-site>/wp-admin/edit.php?post_type=wd_ads_ads&export=export_csv&path=../wp-config.php"

If the response contains contents of the wp-config.php file or other sensitive files, the vulnerability is present.

Mitigation Strategies

Immediate mitigation steps include:

  • Disable or remove the vulnerable WordPress Plugin ad manager wd version 1.0.11 or earlier.
  • Restrict access to the wp-admin/edit.php endpoint or implement web application firewall (WAF) rules to block requests containing the export=export_csv parameter combined with suspicious path parameters.
  • Update the plugin to a patched version if available.
  • Review web server logs for suspicious GET requests targeting the vulnerable parameters and block offending IP addresses.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25727. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart