Blog

Sitesassure Security Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form

Security Advisory – High Severity – WordPress Download Manager

Posted by on in Uncategorized
  • Font size: Larger Smaller
  • Hits: 1015
  • 0 Comments
  • Subscribe to this entry
  • Print

wordpress iconAdvisory for: WordPress Download Manager

Security Risk: Very High

Exploitation level: Easy/Remote

DREAD Score: 9/10

Vulnerability: Code Execution / Remote File Inclusion

Patched Version: <2.7.5\\http://www.sitesassure.com/images/wordpressIcon2.pn

 

If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall (WAF), we found a dangerous remote code execution (RCE) and remote file inclusion (RFI) vulnerability. A malicious user can exploit this vulnerability to take control of your website by uploading backdoors and modifying user passwords.The vulnerability was discovered and disclosed last week and immediately patched by the WP Download Manager. They have released a patch in version 2.7.5 to fix this issue.

http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html

Sitesassure - MORE THE REASON

 

0

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest
Guest Saturday, 25 March 2017
Contact Us
First Name (*)
Please let us know your name.
Your Email (*)
Please let us know your email address.
Company (*)
Please let us know your Company
Last Name (*)
Please let us know your last name.
Phone (*)
Please let us know your Phone
Subject (*)
Please write a subject for your message.
Message (*)
Please let us know your message.
Captcha (*)Captcha
  Refresh
Invalid Input

SitesAssure.com

 
Email:
support@sitesassure.com
185 E Elm St #812
Torrington, Connecticut 06790
Call: 1-(860) 294-2444
Monday - Friday, 8am - 8pm
 

affiliatebanner

 




 
Interwebshop Internet Services, LLC BBB Business Review

S5 Box

Login

Register

You need to enable user registration from User Manager/Options in the backend of Joomla before this module will activate.