CVE-2025-10747

Published
CVSS v3: 7.2 (HIGH)
CVSS v2: N/A
Affected: 1 project

Description

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible. The high privilege requirement is what holds the CVSS v3 score at 7.2: on a single-site install an Administrator can usually already install plugins or edit theme files, so this upload path matters most where those routes are closed (DISALLOW_FILE_MODS or DISALLOW_FILE_EDIT set in wp-config.php, or a multisite network where ordinary site administrators are not Super Admins).

<h3>General Usage</h3>
<ol>
<li>You need to re-generate the permalinks: <code>WP-Admin -&gt; Settings -&gt; Permalinks -&gt; Save Changes</code></li>
<li>To embed a specific file to be downloaded into a post/page, use <code>[download id="2"]</code> where 2 is your file id.</li>
<li>To embed multiple files to be downloaded into a post/page, use <code>[download id="1,2,3"]</code> where 1,2,3 are your file ids.</li>
<li>To limit the number of embedded downloads shown for each post in a post stream, use the <code>stream_limit</code> option.
<ol>
<li>Example: <code>[download id="2" stream_limit="4"]</code></li>
<li>This will only display the first 4 downloads for the post when rendered in a post stream, and display the full list of downloads when viewing the single post.</li>
</ol>
</li>
<li>To sort embedded downloads, use the <code>sort_by</code> and <code>sort_order</code> options.
<ol>
<li>Example: <code>[download id="2" sort_by="file_id" sort_order="asc"]</code></li>
<li>This will sort the embedded downloads by file ID in ascending order.</li>
<li>Valid values for <code>sort_by</code> are: <code>file_id</code>, <code>file</code>, <code>file_name</code>, <code>file_size</code>, <code>file_date</code>, and <code>file_hits</code></li>
</ol>
</li>
<li>To choose what to display within the embedded file, use <code>[download id="1" display="both"]</code> where 1 is your file id; <code>both</code> displays both the file name and the file description, whereas <code>name</code> displays only the file name. Note that this will override the &#8220;Download Embedded File&#8221; template you have in your Download Templates.</li>
<li>To embed files as well as categories, use <code>[download id="1,2,3" category="4,5,6"]</code> where 1,2,3 are your file ids and 4,5,6 are your category ids.</li>
<li>If you are using Default Permalinks, the file direct download link will be <code>http://yoursite.com/index.php?dl_id=2</code>. If you are using Nice Permalinks, the file direct download link will be <code>http://yoursite.com/download/2/</code>, where yoursite.com is your WordPress URL and 2 is your file id.</li>
<li>The direct download category link will be <code>http://yoursite.com/downloads/?dl_cat=3</code>, where yoursite.com is your WordPress URL, downloads is your Downloads Page name and 3 is your download category id.</li>
<li>In order to upload files straight to the downloads folder, the folder must first be CHMOD to 777. You can specify which folder is the downloads folder in Download Options. A world-writable folder lets every local account on the host drop files into it; making the web server user the owner with mode 755 (or 775 with a shared group) is sufficient for uploads and is the safer setting, and the folder should in any case not be served with PHP execution enabled.</li>
<li>You can configure the Download Options in <code>WP-Admin -&gt; Downloads -&gt; Download Options</code></li>
<li>You can configure the Download Templates in <code>WP-Admin -&gt; Downloads -&gt; Download Templates</code></li>
</ol>
<h3>Downloads Page</h3>
<ol>
<li>Go to <code>WP-Admin -&gt; Pages -&gt; Add New</code></li>
<li>Type any title you like in the post&#8217;s title area</li>
<li>If you <code>ARE</code> using nice permalinks, after typing the title WordPress will generate the permalink to the page. You will see an &#8216;Edit&#8217; link just beside the permalink.</li>
<li>Click &#8216;Edit&#8217;, type <code>downloads</code> in the text field and click &#8216;Save&#8217;.</li>
<li>Type <code>[page_download]</code> in the post&#8217;s content area.</li>
<li>You can also use <code>[page_download category="1"]</code>; this will display all downloads in Category ID 1.</li>
<li>Click &#8216;Publish&#8217;</li>
</ol>
<h3>Download Stats (With Widgets)</h3>
<ol>
<li>Go to <code>WP-Admin -&gt; Appearance -&gt; Widgets</code></li>
<li>The widget name is <code>Downloads</code>.</li>
</ol>
<h3>Development</h3>
<ul>
<li><a href="https://github.com/lesterchan/wp-downloadmanager" title="https://github.com/lesterchan/wp-downloadmanager" rel="nofollow ugc">https://github.com/lesterchan/wp-downloadmanager</a></li>
</ul>
<h3>Translations</h3>
<ul>
<li><a href="http://dev.wp-plugins.org/browser/wp-downloadmanager/i18n/" title="http://dev.wp-plugins.org/browser/wp-downloadmanager/i18n/" rel="nofollow ugc">http://dev.wp-plugins.org/browser/wp-downloadmanager/i18n/</a></li>
</ul>
<h3>Credits</h3>
<ul>
<li>Plugin icon by <a href="http://www.freepik.com" rel="nofollow ugc">Freepik</a> from <a href="http://www.flaticon.com" rel="nofollow ugc">Flaticon</a></li>
<li>Icons courtesy of <a href="http://www.famfamfam.com/" title="FamFamFam" rel="nofollow ugc">FamFamFam</a></li>
<li>Download Icon by <a href="http://www.imvain.com/" title="Ryan Zimmerman" rel="nofollow ugc">Ryan Zimmerman</a></li>
</ul>
<h3>Donations</h3>
<ul>
<li>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.</li>
</ul>
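The advisory describes an upload handler (download-add.php) that accepted any file type, and the readme recommends a world-writable downloads folder. The Python below is an added example, not code from the plugin, the advisory or any vendor tool. It shows what a practitioner would check on a suspect site: a version comparison against 1.68.11, the kind of file-name allowlist check the affected versions lacked, and an audit of the downloads folder for PHP-executable files, dropped .htaccess files and 777 permissions. The plugin file path, the extension lists and the sample directory tree are assumptions constructed for the example.

```python
"""Triage helpers for CVE-2025-10747 in WP-DownloadManager.

Added example, not code from the plugin, the advisory or Wordfence. Assumptions
(not stated on the page): the plugin's main file carries the standard WordPress
"Version:" header, the downloads folder is whatever Download Options points at,
and PHP_EXTENSIONS is the set a typical Apache/PHP-FPM setup will execute.
"""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import List, Tuple

# "all versions up to, and including, 1.68.11" (from the advisory text)
LAST_VULNERABLE = (1, 68, 11)
# Extensions PHP handlers commonly execute; assumed list, extend per server config.
PHP_EXTENSIONS = {"php", "phtml", "phar", "php3", "php4", "php5", "php7", "phps"}
# Assumed allowlist for the hardened check; tune it to what the site distributes.
DOWNLOAD_ALLOWLIST = {"pdf", "zip", "txt", "png", "jpg", "jpeg", "gif", "mp3", "mp4"}
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)


def parse_version(plugin_header: str) -> Tuple[int, ...]:
    """Pull the Version: header out of a plugin main file and return it as an int tuple."""
    m = VERSION_RE.search(plugin_header)
    if not m:
        raise ValueError("no Version: header found")
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def is_vulnerable_version(plugin_header: str) -> bool:
    """True for 1.68.11 and everything below. Compares tuples, never strings:
    a string comparison would call '1.7' newer than '1.68.11'."""
    return parse_version(plugin_header) <= LAST_VULNERABLE


def looks_executable(filename: str) -> bool:
    """Flag any extension PHP may execute, including trailing-extension names such as
    shell.php.txt, which Apache's multi-extension handling can still run as PHP."""
    parts = filename.lower().split(".")[1:]
    return any(p in PHP_EXTENSIONS for p in parts)


def accept_upload_name(filename: str, allowlist=DOWNLOAD_ALLOWLIST) -> bool:
    """The name check the affected download-add.php lacked, in generic form: a bare
    file name with exactly one extension, on the allowlist, and nothing PHP executes.
    Dotfiles are rejected so an uploaded .htaccess cannot re-enable PHP handling.
    Content sniffing belongs on top of this check, not instead of it."""
    base = os.path.basename(filename)
    if base != filename or not base or base.startswith("."):
        return False                      # path components or dotfiles
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False                      # no extension, or more than one
    return parts[1] in allowlist and not looks_executable(base)


def audit_download_dir(path: str) -> List[str]:
    """Walk the downloads folder and return findings: files PHP could execute,
    .htaccess files, and world-writable directories (the readme's CHMOD 777 advice)."""
    findings: List[str] = []
    for dirpath, _dirnames, filenames in os.walk(path):
        d = Path(dirpath)
        if d.stat().st_mode & stat.S_IWOTH:
            findings.append(f"world-writable directory: {d}")
        for name in filenames:
            if name == ".htaccess":
                findings.append(f".htaccess in downloads folder: {d / name}")
            elif looks_executable(name):
                findings.append(f"PHP-executable file: {d / name}")
    return sorted(findings)


def demo() -> List[str]:
    """Constructed sample tree (not real data) so the audit runs offline."""
    base = Path(tempfile.mkdtemp(prefix="wpdm-demo-"))
    (base / "report.pdf").write_bytes(b"%PDF-1.4 placeholder")
    (base / "shell.php").write_text("<?php /* placeholder, not an exploit */ ?>")
    (base / "notes.php.txt").write_text("placeholder")
    os.chmod(base, 0o777)                 # reproduce the readme's advice
    return audit_download_dir(str(base))


if __name__ == "__main__":
    # Constructed header; on a real site read wp-content/plugins/wp-downloadmanager/wp-downloadmanager.php
    header = "/*\nPlugin Name: WP-DownloadManager\nVersion: 1.68.11\n*/"
    print("vulnerable:", is_vulnerable_version(header))
    for line in demo():
        print(line)
```

Point audit_download_dir at the folder configured in Download Options and run it as the web server user. A PHP-executable file or an .htaccess turning up there after an Administrator session is an incident rather than a clean-up item: treat the host as compromised and pull the web server access log for requests to those paths.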