{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4798", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-15T18:56:10.692Z", "datePublished": "2025-06-11T03:41:52.636Z", "dateUpdated": "2026-04-08T16:59:16.878Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:16.878Z"}, "affected": [{"vendor": "gamerz", "product": "WP-DownloadManager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files."}], "title": "WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd166bc-774e-4083-b5f7-bffba1f7c293?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"}, {"url": "https://plugins.trac.wordpress.org/changeset/3294467/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jamshed Yergashvoyev"}], "timeline": [{"time": "2025-06-10T15:30:37.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:24:22.564285Z", "id": "CVE-2025-4798", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:24:30.120Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-11T13:24:22.564285Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:24:25.212Z"}}], "cna": {"title": "WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Jamshed Yergashvoyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "gamerz", "product": "WP-DownloadManager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.68.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-10T15:30:37.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd166bc-774e-4083-b5f7-bffba1f7c293?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"}, {"url": "https://plugins.trac.wordpress.org/changeset/3294467/"}], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:16.878Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4798", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:59:16.878Z", "dateReserved": "2025-05-15T18:56:10.692Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-11T03:41:52.636Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-downloadmanager_project:wp-downloadmanager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2A91B2C1-21DC-4F34-9CDC-F9E88C02767D", "versionEndExcluding": "1.68.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files."}, {"lang": "es", "value": "El complemento WP-DownloadManager para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 1.68.10 incluida. Esto se debe a la falta de restricciones en el directorio que un administrador puede seleccionar para almacenar las descargas. Esto permite que atacantes autenticados, con acceso de administrador o superior, descarguen y lean cualquier archivo del servidor, incluyendo archivos de sistema y de configuraci\u00f3n."}], "id": "CVE-2025-4798", "lastModified": "2025-07-09T19:03:51.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-06-11T04:15:58.497", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3294467/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd166bc-774e-4083-b5f7-bffba1f7c293?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:21:51.373082+00:00", "value": {"mitigation_remediation": ["Upgrade WP-DownloadManager to version 1.68.11 or later to eliminate the directory restriction flaw.", "If an upgrade is not immediately possible, disable or uninstall the WP-DownloadManager plugin to prevent exploitation while a patch is applied.", "Ensure that the WordPress upload and temporary directories have appropriate file permissions so that administrators cannot arbitrarily specify critical system paths."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The affected product is WP-DownloadManager, supplied by gamerz, for WordPress. All versions up to and including 1.68.10 are vulnerable. Versions 1.68.11 and newer contain the fix and are not affected.", "description_and_impact": "The WP-DownloadManager plugin for WordPress, in all releases up to 1.68.10, allows administrators or higher\u2011privileged users to read any file on the server. The vulnerability arises because the plugin accepts a target directory for storing downloads without enforcing restrictions, enabling the selection of arbitrary system paths. An attacker who can authenticate as an administrator can therefore download and view sensitive files, such as configuration or system files, leading to confidentiality compromise.", "risk_and_exploitability": "The CVSS score of 4.9 indicates a moderate impact when an authorized administrator exploits the flaw. The EPSS score of less than 1% reflects a very low likelihood of active exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, suggesting it is not a widely known or actively leveraged threat. The attack vector is inferred to be internal \u2013 an attacker must first gain administrator\u2011level access to the site; once authenticated, the missing directory restriction allows arbitrary file reads."}}}}, "created": "2026-04-21T20:30:27.399383+00:00", "updated": "2026-04-21T20:30:27.399394+00:00", "vendors": []}