Immunity, Inc.
Name wpdm_fileupload
CVE CWE-434
Exploit Pack CANVAS
Description wpdm_fileupload
Notes CVE Name: CWE-434
VENDOR: wpeden.com
Changelog:
Notes:

WordPress Download Manager (WPDM) 2.6.92 allows authenticated users
(admin, editor, author, contributor, subscriber) to delete and upload arbitrary files.

This exploit deletes the .htaccess file in the wp-content/uploads/download-manager-files directory
in order to run the uploaded PHP callback.

This vulnerability may be present on older versions of WPDM.

Repeatability: Infinite
References: https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/
CVE Url: https://cwe.mitre.org/data/definitions/434.html
CERT Advisory: None
Date public: 09/08/14
