VYPR
Unrated severityNVD Advisory· Published Nov 4, 2014· Updated Jun 17, 2026

CVE-2014-8585

CVE-2014-8585

Description

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.