CVE-2022-2926

CVE-2022-2926: Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

Vendor Unknown
Product Download Manager
Weakness CWE-22 · Path traversal
Published September 26, 2022
Last update May 21, 2025

CVSS base score

What the vulnerability does

01Description

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory

Key dates

02Disclosure timeline

September 26, 2022 CVE published
May 21, 2025 Record updated