Skip to main content

Word Press Download Manager Plugin Patch

Word Press Download Manager plugin is vulnerable to a remote code execution (RCE) and remote file inclusion (RFI) vulnerability.
Threat ID:
CC-2183
Category:
Threat Severity:
Low
Threat Vector:
Published:
28 March 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Word Press Download Manager plugin is vulnerable to a remote code execution (RCE) and remote file inclusion (RFI) vulnerability.

Threat details

An attacker can exploit this vulnerability to take control of the website by uploading back doors and modifying user passwords.

Remediation steps

Type Step
Users and administrators are encouraged to update to version 2.7.5.

Last edited: 17 February 2020 12:57 pm