CVE-2026-2426 in WP-DownloadManager Plugin: Information

Summary

by MITRE • 18/02/2026

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.


Disclosure

18/02/2026

Moderation

accepted

Entry

VDB-346430

CPE

ready

EPSS

0.00837

KEV

no

Activities

very low

Sources
