What the vulnerability does
01Description
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server.
Explanation of Vulnerability in Simple Terms
02Summary
Ad Manager WD versions 1.0.11 and earlier contain a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files from the server. An attacker can craft requests to access files outside the intended directory, potentially exposing sensitive configuration files, database credentials, or other confidential data stored on the server.
What an attacker can do
03Attacker Capabilities
Read arbitrary files from the server without authentication.
Potential impact on your site
04Site Impact
Attackers can access sensitive files like wp-config.php, database backups, or private keys without logging in.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
June 4, 2026
CVE published
June 4, 2026
Record updated