Advisory for: WordPress Download Manager

Security Risk: Very High

Exploitation level: Easy/Remote

DREAD Score: 9/10

Vulnerability: Code Execution / Remote File Inclusion

Patched Version: 2.7.5 (all versions below 2.7.5 are affected)


If you’re using the popular WordPress Download Manager plugin (around 850,000 downloads), update it right away. During a routine audit for our Website Firewall (WAF), we found a dangerous remote code execution (RCE) and remote file inclusion (RFI) vulnerability. An attacker can exploit it to take control of your website, for example by uploading backdoors and changing user passwords. The vulnerability was discovered and disclosed last week and immediately patched by the plugin's developers, who released version 2.7.5 to fix the issue.
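The advisory gives only the fixed version, so the practical check is whether the installed copy is older than 2.7.5. The script below is an added example, not code from the advisory, from Sucuri or from the plugin: it reads the Version line of a WordPress plugin header and compares it numerically, component by component, so that a later release such as 2.7.10 is not mistaken for a vulnerable one by plain string comparison. The plugin path `wp-content/plugins/download-manager/download-manager.php` and the sample header are assumptions made for the example.

```python
"""Check whether an installed WordPress Download Manager copy predates the 2.7.5 fix.

Added example, not part of the advisory. The plugin file location below is an
assumption; the advisory names only the plugin and the fixed version.
"""
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

PATCHED_VERSION = "2.7.5"  # fixed release named in the advisory
# Assumed location of the plugin's main file inside a WordPress install.
PLUGIN_MAIN_FILE = Path("wp-content/plugins/download-manager/download-manager.php")

# A WordPress plugin declares its version in the header comment of its main
# file, on a line such as "Version: 2.7.4" (optionally prefixed by " * ").
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def plugin_version(header_text: str) -> Optional[str]:
    """Return the Version: value from a plugin header, or None if absent."""
    m = _VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '2.7.10' into (2, 7, 10) so numeric, not lexical, order applies.

    Plain string comparison would rank '2.7.10' below '2.7.5' and flag a
    patched install as vulnerable. Non-numeric suffixes are ignored.
    """
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version is older than the patched release."""
    return version_key(installed) < version_key(patched)


def check_header(header_text: str) -> Tuple[Optional[str], bool]:
    """Report (version, vulnerable) for a plugin header; (None, False) if unknown."""
    version = plugin_version(header_text)
    if version is None:
        return None, False  # cannot decide from the header; inspect manually
    return version, is_vulnerable(version)


# Constructed header standing in for a real plugin file (not the plugin's own).
SAMPLE_HEADER = """<?php
/*
Plugin Name: WordPress Download Manager
Version: 2.7.4
*/
"""

if __name__ == "__main__":
    # Usage: python check_wpdm.py [path/to/download-manager.php]
    # Without an argument the constructed sample header is checked instead.
    if len(sys.argv) > 1:
        text = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace")
    else:
        text = SAMPLE_HEADER
    version, vulnerable = check_header(text)
    if version is None:
        print("no Version: line found; check the plugin manually")
    elif vulnerable:
        print(f"installed {version} < {PATCHED_VERSION}: update now")
    else:
        print(f"installed {version} >= {PATCHED_VERSION}: patched")
```

Pass the plugin's main file as the argument on a real install (the default path above is an assumption; confirm it against your own wp-content directory) or use WP-CLI's plugin listing to obtain the version and feed it to `is_vulnerable`.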

http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html

Sitesassure - MORE THE REASON