CVE-2026-2426 in WP-DownloadManager Pluginالمعلومات

الملخص

بحسب MITRE • 18/02/2026

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

18/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-346430

CPE

جاهز

CWE

CWE-22 (مؤكد)

CVSS

6.5 (CNA)

EPSS

0.00837

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2426
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2426
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2426/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!