VYPR
Unrated severityNVD Advisory· Published Sep 26, 2022· Updated May 22, 2025

CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

CVE-2022-3076

Description

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.