{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1785", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-28T16:12:41.242Z", "datePublished": "2025-03-13T07:31:39.039Z", "dateUpdated": "2026-04-08T17:18:44.296Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:44.296Z"}, "affected": [{"vendor": "codename065", "product": "Download Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.08", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."}], "title": "Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3252990%40download-manager&new=3252990%40download-manager&sfp_email=&sfph_mail=#file4"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "zhuxuan wu"}], "timeline": [{"time": "2025-03-12T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-13T20:12:52.787359Z", "id": "CVE-2025-1785", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T20:13:02.111Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1785", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-13T20:12:52.787359Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T20:12:57.673Z"}}], "cna": {"title": "Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite", "credits": [{"lang": "en", "type": "finder", "value": "zhuxuan wu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "codename065", "product": "Download Manager", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.3.08"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-12T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3252990%40download-manager&new=3252990%40download-manager&sfp_email=&sfph_mail=#file4"}], "descriptions": [{"lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-13T07:31:39.039Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1785", "state": "PUBLISHED", "dateUpdated": "2025-03-13T20:13:02.111Z", "dateReserved": "2025-02-28T16:12:41.242Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-13T07:31:39.039Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w3eden:download_manager:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "BDA78B89-8502-423E-8369-CA6CEC511EB7", "versionEndExcluding": "3.3.09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."}, {"lang": "es", "value": "El complemento Download Manager para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 3.3.08 incluida, mediante la acci\u00f3n 'wpdm_newfile'. Esto permite que atacantes autenticados, con acceso de autor o superior, sobrescriban determinados tipos de archivo fuera del directorio original, lo que puede provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2025-1785", "lastModified": "2025-07-08T15:34:55.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-13T08:15:10.950", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3252990%40download-manager&new=3252990%40download-manager&sfp_email=&sfph_mail=#file4"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:34:51.991354+00:00", "value": {"mitigation_remediation": ["Update the Download Manager plugin to the latest version, which removes the traversal flaw.", "If updating is not immediately possible, limit Author-level accounts to basic read\u2011only roles or remove file\u2011upload capabilities to reduce the ability to target the flaw.", "Disable or delete the plugin entirely if it is not required for site functionality.", "As a temporary control, monitor the site\u2019s file integrity and audit logs for unexpected file changes or attempted writes to critical directories."], "summary": {"action": "Update", "impact": "Limited file overwrite leading to denial of service"}, "threat_synthesis": {"affected_systems": "The affected system is the Download Manager plugin by codename065, available as a free WordPress plugin. Versions up to and including 3.3.08 contain the vulnerability. The plugin is commonly installed on WordPress sites where it provides file\u2011management functionality.", "description_and_impact": "The Download Manager plugin for WordPress allows authenticated users with Author role or higher to exploit a directory traversal flaw via the 'wpdm_newfile' action. This flaw permits overwriting of select file types located in directories outside the intended plugin directory. The vulnerability could result in denial of service by corrupting or replacing critical files such as configuration or template files, though the scope is limited to specific file types and does not provide arbitrary code execution.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate risk, while an EPSS score of less than 1% signals a low probability of exploitation. The issue is not listed in the CISA KEV catalog, suggesting it is not a widely leveraged, known exploit. The attack vector is inferred to be an authenticated user with Author or higher privileges; the vulnerability requires knowledge of the internal file paths and acceptable file types. No public exploits or evidence of active compromise have been reported."}}}}, "created": "2026-04-20T23:45:21.602603+00:00", "updated": "2026-04-20T23:45:21.602613+00:00", "vendors": []}