CVE-2025-4799

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4799
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42
https://plugins.trac.wordpress.org/changeset/3294467/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve
Configurations

No configuration.

History

12 Jun 2025, 16:06

Type Values Removed Values Added
Summary
  • (es) El complemento WP-DownloadManager para WordPress es vulnerable a la eliminación arbitraria de archivos debido a la falta de restricciones en el directorio desde el que se puede eliminar un archivo en todas las versiones hasta la 1.68.10 incluida. Esto permite a atacantes autenticados, con acceso de administrador o superior, eliminar archivos arbitrarios en el servidor, lo que puede provocar fácilmente la ejecución remota de código al eliminar el archivo correcto (como wp-config.php). Esta vulnerabilidad se puede combinar con CVE-2025-4798 para eliminar cualquier archivo dentro del directorio root de WordPress.

11 Jun 2025, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-11 04:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-4799

Mitre link : CVE-2025-4799

CVE.ORG link : CVE-2025-4799

JSON object : View

Products Affected

No product.

CWE
CWE-36

Absolute Path Traversal