"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 7
Critical: 0
High: 2
Medium: 4

Showing 1-7 of 7 records

Threat Entry Updated 2026-04-15

CVE-2026-2426 - Wp Downloadmanager Plugin

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.

PLUGIN Wp Downloadmanager

CVE-2026-2426

MEDIUM CVSS 6.5 2026-02-18

Threat Entry Updated 2026-04-15

CVE-2026-2419 - Wp Downloadmanager Plugin

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP_CONTENT_DIR prefix check. This makes it possible for authenticated attackers, with Administrator-level access and above, to configure the plugin to list and access arbitrary files on the server by exploiting the file browser functionality.

PLUGIN Wp Downloadmanager

CVE-2026-2419

LOW CVSS 2.7 2026-02-18

Threat Entry Updated 2025-09-26

CVE-2025-10747 - Wp Downloadmanager Plugin

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Wp Downloadmanager

CVE-2025-10747

HIGH CVSS 7.2 2025-09-26

Threat Entry Updated 2025-07-09

CVE-2025-4799 - Wp Downloadmanager Plugin

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.

PLUGIN Wp Downloadmanager

CVE-2025-4799

HIGH CVSS 7.2 2025-06-11

Threat Entry Updated 2025-07-09

CVE-2025-4798 - Wp Downloadmanager Plugin

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.

PLUGIN Wp Downloadmanager

CVE-2025-4798

MEDIUM CVSS 4.9 2025-06-11