CVE-2025-1785

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to and including 3.3.08

Description: The issue allows authenticated attackers with Author-level access or higher to overwrite certain file types outside the original directory via the wpdm newfile action, potentially causing a denial of service. This is a result of a Directory Traversal vulnerability.

Recommendations: For Download Manager plugin for WordPress versions up to and including 3.3.08, update to a version later than 3.3.08 to resolve the issue. As a temporary workaround, consider restricting access to the wpdm newfile action to minimize the risk of exploitation.