{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4799", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-15T19:37:36.032Z", "datePublished": "2025-06-11T03:41:53.029Z", "dateUpdated": "2026-04-08T17:34:15.795Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:15.795Z"}, "affected": [{"vendor": "gamerz", "product": "WP-DownloadManager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory."}], "title": "WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215"}, {"url": "https://plugins.trac.wordpress.org/changeset/3294467/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-36 Absolute Path Traversal", "cweId": "CWE-36", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jamshed Yergashvoyev"}], "timeline": [{"time": "2025-06-10T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:23:45.565512Z", "id": "CVE-2025-4799", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:23:50.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-11T13:23:45.565512Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:23:47.521Z"}}], "cna": {"title": "WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Jamshed Yergashvoyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "gamerz", "product": "WP-DownloadManager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.68.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-10T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215"}, {"url": "https://plugins.trac.wordpress.org/changeset/3294467/"}], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:15.795Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4799", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:15.795Z", "dateReserved": "2025-05-15T19:37:36.032Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-11T03:41:53.029Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-downloadmanager_project:wp-downloadmanager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2A91B2C1-21DC-4F34-9CDC-F9E88C02767D", "versionEndExcluding": "1.68.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory."}, {"lang": "es", "value": "El complemento WP-DownloadManager para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a la falta de restricciones en el directorio desde el que se puede eliminar un archivo en todas las versiones hasta la 1.68.10 incluida. Esto permite a atacantes autenticados, con acceso de administrador o superior, eliminar archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo al eliminar el archivo correcto (como wp-config.php). Esta vulnerabilidad se puede combinar con CVE-2025-4798 para eliminar cualquier archivo dentro del directorio root de WordPress."}], "id": "CVE-2025-4799", "lastModified": "2025-07-09T19:11:14.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-06-11T04:15:59.223", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3294467/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:23:42.698515+00:00", "value": {"mitigation_remediation": ["Upgrade WP\u2011DownloadManager to the latest version (\u2265\u202f1.68.11) that removes the unrestricted deletion feature.", "If the plugin is not needed for your website, disable or uninstall it to eliminate the attack surface.", "Revise user role permissions to remove unnecessary administrator access or restrict the administrator role to only essential functions, thereby limiting the potential for exploitation by compromised accounts."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary File Deletion with potential remote code execution"}, "threat_synthesis": {"affected_systems": "The flaw exists in all releases of WP\u2011DownloadManager up to and including version 1.68.10, a plugin maintained by gamerz for WordPress sites that rely on the WP\u2011DownloadManager project. All WordPress installations that have this plugin installed and have enabled administrator accounts are affected.", "description_and_impact": "The WP\u2011DownloadManager plugin for WordPress allows authenticated administrators to delete any file because it does not limit the target directory. An attacker who logs in with administrator or higher privileges can point the deletion action to critical files such as wp\u2011config.php, thereby creating a vector for remote code execution if the deleted file is later replaced or the system is otherwise compromised. The vulnerability also relates to CVE\u20112025\u20114798, which can be used together to delete any file within the WordPress root directory.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high risk level, while the EPSS score of 7\u202f% suggests a non\u2011trivial likelihood of exploitation within the near future. The vulnerability is not yet catalogued in CISA\u2019s KEV list, so it is considered low to moderate exposure according to the KEV database. The exploitation scenario is straightforward: an attacker must have administrator access and simply choose a file path to delete. Because the deletion is not restricted to the plugin\u2019s managed directories, any file under the web server\u2019s root can be removed, leading to potential privilege escalation or arbitrary code execution."}}}}, "created": "2026-04-22T01:30:05.235118+00:00", "updated": "2026-04-22T01:30:05.235128+00:00", "vendors": []}