Vigil@nce - WordPress WordPress Download Manager: privilege escalation
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use WordPress WordPress Download Manager, in order
to create or delete files.
– Impacted products: WordPress Plugins
– Severity: 2/4
– Creation date: 10/09/2014
DESCRIPTION OF THE VULNERABILITY
The WordPress Download Manager plugin can be installed on
WordPress.
However, access permissions are not always checked.
An attacker can therefore use WordPress WordPress Download
Manager, in order to create or delete files.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-WordPress-Download-Manager-privilege-escalation-15324