CVE-2025-4798 – WordPress WP-DownloadManager Arbitrary File Read Vulnerability

June 11, 2025

CVE ID : CVE-2025-4798

Published : June 11, 2025, 4:15 a.m. | 1 hour, 36 minutes ago

Description : The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4799 – WordPress WP-DownloadManager Remote File Deletion Vulnerability

Next Article CVE-2025-4666 – Zotpress WordPress Stored Cross-Site Scripting Vuln

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-4798 – WordPress WP-DownloadManager Arbitrary File Read Vulnerability

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Don’t Choose the Wrong Web Team — Here’s Why It Matters

Adobe Photoshop is getting its first AI agent – here’s what it can do for you

How Salesforce’s 5-level framework for AI agents finally cuts through the hype

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Yandex Releases Alchemist: A Compact Supervised Fine-Tuning Dataset for Enhancing Text-to-Image T2I Model Quality

Unpatched security hole has left millions of Moonpig customers at risk for 17 months

Bcachefs rimosso dal kernel Linux 6.17 a causa di disaccordi tra i responsabili

It took 15 YEARS for Minecraft to let us craft this item, but it’s finally coming (plus new music and more)

CVE-2025-4798 – WordPress WP-DownloadManager Arbitrary File Read Vulnerability

Related Posts