CVE-2022-2926: Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
First published: Mon Sep 26 2022(Updated: )
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Downloader | <3.2.55 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-2926?
CVE-2022-2926 is classified as a high severity vulnerability due to its potential to allow unauthorized access to sensitive files.
How do I fix CVE-2022-2926?
To fix CVE-2022-2926, update the Download Manager WordPress plugin to version 3.2.55 or later.
Who is affected by CVE-2022-2926?
CVE-2022-2926 affects users of the Download Manager WordPress plugin versions prior to 3.2.55.
What kind of attacks can exploit CVE-2022-2926?
CVE-2022-2926 can be exploited by high privilege users, such as administrators, to list and read arbitrary files and folders.
What is the impact of CVE-2022-2926 on WordPress sites?
The impact of CVE-2022-2926 includes unauthorized access to sensitive information, potentially compromising the security of WordPress sites.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/title
- agent/severity
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe downloader