Patch this WordPress plugin bug, thousands of site owners warned WordPress logo
The Wordfence Threat Intelligence team has discovered two separate vulnerabilities in a popular WordPress plugin used to change how download pages are displayed.
The plugin in question is called WordPress Download Manager and it has been installed on over 100,000 sites according to WordPress.org.
The first vulnerability can be exploited to achieve authenticated directory traversal according to Wordfence. While WordPress Download Manager had some protections in place to protect against directory traversal, they were far from sufficient. As a result, it was possible for a user such as a contributor with lower privileges to retrieve the contents of a site’s wp-config.php file by adding a new download and performing a directory traversal attack.
From here, upon previewing the download, the contents of the wp-config.php file would be visible in the page’s source code. However, since the contents of the file were echoed out onto the page source, a user with author-level permissions could also upload a file with an image extension containing malicious JavaScript and set the contents of file[page_template] to the path of the uploaded file which could result in Stored Cross-Site Scripting.
Double extension attack
Before Wordfence discovered these two vulnerabilities, the team behind the WordPress Download Manager patched a vulnerability that allowed users to upload files with php4 extensions as well as other potentially executable files.
Although this patch protected many configurations, it only checked the very last file extension which made it possible for an attacker to carry out a “double extension” attack by uploading a file with multiple extensions like info.php.png.
The Wordfence Threat Intelligence Team responsibly disclosed its findings to the WordPress Download Manager team at the beginning of May and the plugin’s developer released a patched version of the plugin the following day.
Still if you’re a WordPress site owner that uses the plugin, it is highly recommended that you update to the latest version immediately to avoid falling victim to any attacks exploiting these two now patched vulnerabilities.
The Wordfence Threat Intelligence team has discovered two separate vulnerabilities in a popular WordPress plugin used to change how download pages are displayed. The plugin in question is called WordPress Download Manager and it has been installed on over 100,000 sites according to WordPress.org. The first vulnerability can be exploited…
Recent Posts
- AWS Q1 growth pushes ahead as cloud revenue soars
- Network specialist debuts free tool that promises to solve VPN and ZTNA connectivity issues for good
- This pink Nvidia RTX 4060 GPU features adorable cats and pugs, oh my!
- Peacock may increase the cost of its monthly and annual plans again
- Razer ordered to pay $1.1 million in refunds over its Zephyr RGB mask N95 claims
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011