CVE-2022-3076

CVE-2022-3076: CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

Vendor Unknown
Product CM Download Manager
Weakness CWE-434 · Unrestricted file upload
Published September 26, 2022
Last update May 22, 2025

CVSS base score

What the vulnerability does

01Description

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

Key dates

02Disclosure timeline

September 26, 2022 CVE published
May 22, 2025 Record updated