CVE-2026-2419 in WP-DownloadManager Plugininfo

Zusammenfassung

von MITRE • 18.02.2026

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP_CONTENT_DIR prefix check. This makes it possible for authenticated attackers, with Administrator-level access and above, to configure the plugin to list and access arbitrary files on the server by exploiting the file browser functionality.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

18.02.2026

Moderieren

akzeptiert

Eintrag

VDB-346388

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

2.7 (CNA)

EPSS

0.00019

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2419
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2419
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2419/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!