PT-2022-20298 · WordPress · Cm Download Manager

Mika · Published 2022-09-26 · Updated 2022-09-27 · CVE-2022-3076

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CM Download Manager WordPress plugin, versions prior to 2.8.6
Description: The issue allows high-privilege users, such as admins, to upload arbitrary files by setting any file extension in the plugin's settings. Admins of multisite blogs, for example, could exploit this to upload PHP files.
Recommendations: For CM Download Manager WordPress plugin versions prior to 2.8.6, update to version 2.8.6 or later to resolve the issue. As a temporary workaround, consider restricting the upload functionality so that high-privilege users cannot upload arbitrary files until the update is applied.
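The weakness described above is an allowed-extensions setting that is trusted as given, so an administrator can add a server-executable extension. The following is an added example, not code from the plugin or its fix, showing how such a setting can be sanitized and enforced at upload time; the function names and the deny-list are illustrative, and an allow-list of known-safe types (such as the site's configured MIME types) is the stronger baseline.

```php
<?php
// Added example, not the plugin's own code: harden an admin-controlled
// "allowed extensions" setting so it can never admit server-executable files.

// Illustrative deny-list: extensions that stay blocked whatever the setting says.
const FORBIDDEN_EXTENSIONS = [
    'php', 'php3', 'php4', 'php5', 'php7', 'phps', 'phtml', 'phar',
    'pl', 'py', 'cgi', 'asp', 'aspx', 'jsp', 'sh', 'htaccess',
];

// Normalise an admin-supplied, comma-separated extension list.
// Only lower-case alphanumeric extensions survive, and anything on the
// deny-list is dropped. Rejected entries are returned so they can be logged.
function sanitize_extension_setting(string $raw): array {
    $allowed = [];
    $rejected = [];
    foreach (explode(',', $raw) as $entry) {
        $ext = strtolower(trim($entry, " .\t"));
        if ($ext === '' || !preg_match('/^[a-z0-9]+$/', $ext)
            || in_array($ext, FORBIDDEN_EXTENSIONS, true)) {
            $rejected[] = $entry;
            continue;
        }
        $allowed[$ext] = true;
    }
    return ['allowed' => array_keys($allowed), 'rejected' => $rejected];
}

// Decide whether an uploaded filename is acceptable. Every dot-separated
// segment after the first is checked, so "shell.php.jpg" is refused even
// when "jpg" is permitted, and ".htaccess" is caught as well.
function upload_extension_allowed(string $filename, array $allowed): bool {
    $parts = array_slice(explode('.', strtolower(basename($filename))), 1);
    if ($parts === []) {
        return false;                       // no extension at all
    }
    foreach ($parts as $part) {
        if (in_array($part, FORBIDDEN_EXTENSIONS, true)) {
            return false;
        }
    }
    return in_array(end($parts), $allowed, true);
}

// Constructed sample: an administrator tries to permit PHP via the setting.
$setting = sanitize_extension_setting('zip, pdf, php, PHTML, docx');
var_dump($setting['allowed'], $setting['rejected']);
var_dump(upload_extension_allowed('report.pdf', $setting['allowed']));
var_dump(upload_extension_allowed('shell.php.pdf', $setting['allowed']));
```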


Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2022-3076

Affected Products

Cm Download Manager