- Description: The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@wordfence.com
- CWE-22
[CVE-2025-3404: HIGH] WordPress Download Manager vulnerable to file deletion in versions up to 3.3.12. Authenticated attackers can delete files leading to potential server compromise and remote code execution. #cve,CVE-2025-3404,#cybersecurity https://t.co/K9DSgW1rJZ https://t.co/
@CveFindCom
22 Apr 2025
CVE-2025-3404 HIGH (8.8) codename065 - Download Manager * https://t.co/BSEaarfefI https://t.co/eUNSMgselN https://t.co/3J7lE1jfZM #CyberCron #VulnAlert #InfoSec https://t.co/WiA4CLBhMI
@cybercronai
19 Apr 2025
CVE-2025-3404 - WordPress - HIGH. Date published 2025-04-19 08:15:13 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Ro6rauNFFO
@vulns_space
19 Apr 2025