{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10747", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-19T19:48:07.090Z", "datePublished": "2025-09-26T05:27:20.601Z", "dateUpdated": "2026-04-08T16:43:52.052Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:52.052Z"}, "affected": [{"vendor": "gamerz", "product": "WP-DownloadManager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c535cea-dad6-440f-b37f-6d196b469214?source=cve"}, {"url": "https://wordpress.org/plugins/wp-downloadmanager/"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-add.php#L35"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3364847%40wp-downloadmanager&new=3364847%40wp-downloadmanager&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sunnatillo Abdivasiyev"}], "timeline": [{"time": "2025-09-20T04:27:59.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-25T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-26T19:48:06.922274Z", "id": "CVE-2025-10747", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-26T19:48:25.317Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10747", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-26T19:48:06.922274Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-26T19:48:16.439Z"}}], "cna": {"title": "WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Sunnatillo Abdivasiyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "gamerz", "product": "WP-DownloadManager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.68.11"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-20T04:27:59.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-25T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c535cea-dad6-440f-b37f-6d196b469214?source=cve"}, {"url": "https://wordpress.org/plugins/wp-downloadmanager/"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-add.php#L35"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3364847%40wp-downloadmanager&new=3364847%40wp-downloadmanager&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:52.052Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10747", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:43:52.052Z", "dateReserved": "2025-09-19T19:48:07.090Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-26T05:27:20.601Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "id": "CVE-2025-10747", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-26T06:15:35.090", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-add.php#L35"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3364847%40wp-downloadmanager&new=3364847%40wp-downloadmanager&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-downloadmanager/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2c535cea-dad6-440f-b37f-6d196b469214?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T22:09:32.234179+00:00", "value": {"mitigation_remediation": ["Upgrade WP\u2011DownloadManager to the latest version (>=1.68.12) to enforce file type validation.", "If upgrading is not immediately possible, restrict access to download\u2011add.php so that only authorized administrators can upload files, for example by setting web\u2011server permissions or using an .htaccess rule.", "Add an additional server\u2011side file\u2011type check or deploy a WAF rule that rejects uploads with disallowed mime types or extensions before they reach the plugin."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of the WP\u2011DownloadManager plugin from vendor gamerz, specifically versions 1.68.11 and earlier, are affected. The vulnerability exists in the download\u2011add.php handling of upload requests.", "description_and_impact": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads because file type validation is omitted in download\u2011add.php. Administrative access allows an attacker to upload any file, potentially including scripts, which could lead to remote code execution on the server. This flaw is classified as CWE\u2011434 and grants the ability to alter server\u2011side file contents.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.2, an EPSS score below 1%, and is not listed in the CISA KEV catalog. Exploitation requires a user with Administrator\u2011level privileges; once logged in, the attacker can reach the vulnerable upload endpoint. Because the attack vector is internal and authenticated, the likelihood of exploitation is low but the impact is high, making the risk moderate to high for sites with exposed admin accounts."}}}}, "created": "2025-09-29T09:31:23.894190+00:00", "updated": "2026-04-22T22:15:26.355139+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}