CVE-2025-2048

Name of the Vulnerable Software and Affected Versions Lana Downloads Manager WordPress plugin versions prior to 1.10.0

Description The issue concerns the Lana Downloads Manager WordPress plugin, which does not validate user input used in a path. This could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server.

Recommendations For versions prior to 1.10.0, update to version 1.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with an admin role until the update is applied.