Lana Downloads Manager WordPress Plugin Path Traversal Vulnerability Allowing Arbitrary File Download

Vulnerability

A path traversal vulnerability has been identified in the Lana Downloads Manager WordPress plugin, affecting versions prior to 1.10.0. The vulnerability arises because the plugin fails to properly validate user input used in file paths. This flaw could enable users with admin roles to exploit path traversal techniques and download arbitrary files from the server.

Impact

Exploitation of this vulnerability could lead to unauthorized access and download of sensitive files from the server.

Remediation

Users are advised to update the Lana Downloads Manager WordPress plugin to version 1.10.0 or later.
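To confirm the remediation on a given site, the installed version can be read from the plugin's main file header and compared with 1.10.0. The following is an added example, not code from the plugin or from this advisory; the sample headers and the 1.9.2 version string are constructed for illustration. Version components are compared as numbers, because a plain string comparison ranks "1.9.2" above "1.10.0" and would report a vulnerable install as patched.

```python
import re

FIXED_VERSION = "1.10.0"  # first fixed release, per the advisory

# WordPress reads plugin metadata from a comment header in the main plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample headers (not copied from the real plugin).
SAMPLE_OLD = """<?php
/**
 * Plugin Name: Lana Downloads Manager
 * Version: 1.9.2
 */
"""
SAMPLE_FIXED = SAMPLE_OLD.replace("1.9.2", "1.10.0")


def header_version(php_source):
    """Return the Version: value from a plugin header, or None if absent."""
    match = HEADER_RE.search(php_source)
    return match.group(1) if match else None


def version_key(version):
    """Turn '1.9.2' into (1, 9, 2) so components compare as numbers, not text."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 3:  # treat '1.10' as '1.10.0'
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version):
    """True when older than the fixed release; an unreadable version counts as vulnerable."""
    if version is None:
        return True
    return version_key(version) < version_key(FIXED_VERSION)


if __name__ == "__main__":
    for name, source in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED)):
        found = header_version(source)
        state = "VULNERABLE" if is_vulnerable(found) else "ok"
        print(f"{name}: version {found} -> {state}")
```

On a real site, pass the contents of the plugin's main PHP file to header_version() instead of the constructed samples.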

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.6
impact: 0.0
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.