Unrated severityNVD Advisory· Published Sep 26, 2022· Updated May 21, 2025

Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal

CVE-2022-2926

Description

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory

Affected products

Unknown/Download Managerv5
Range: 3.2.55

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000