PT-2026-20380 · WordPress · Wp-Downloadmanager

Sunnatillo Abdivasiyev · Published 2026-02-18 · Updated 2026-02-18 · CVE-2026-2426

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP-DownloadManager versions prior to 1.69

Description

The WP-DownloadManager plugin for WordPress is susceptible to a Path Traversal issue due to inadequate validation of file paths provided by users. This affects the file deletion functionality, specifically through the file parameter. Successful exploitation allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. Deletion of critical files, such as wp-config.php, could lead to remote code execution.

Recommendations

Update WP-DownloadManager to a version newer than 1.69.
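
The kind of path validation the description says was inadequate, sketched in plain PHP as an added example. This is not WP-DownloadManager's code or its actual fix; the function names, directory layout and file names are assumptions. The requested path is canonicalized and deletion is refused unless it resolves to a regular file inside the downloads directory.

```php
<?php
// Added illustration, not plugin code. All names here are hypothetical.

/**
 * Resolve a user-supplied relative name against $baseDir. Returns the
 * canonical path only if it is a regular file located inside $baseDir.
 */
function resolve_inside(string $baseDir, string $userFile): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userFile === '' || strpos($userFile, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false if the path does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userFile);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as /srv/files-old is not accepted as being inside /srv/files.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Delete a file only when it resolves inside the downloads directory. */
function delete_download(string $baseDir, string $userFile): bool
{
    $target = resolve_inside($baseDir, $userFile);
    return $target !== null && unlink($target);
}

// Constructed demo layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dm_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/report.pdf', 'constructed sample');
file_put_contents($root . '/wp-config.php', 'constructed stand-in');

var_dump(delete_download($root . '/files', 'report.pdf'));       // inside the base directory
var_dump(delete_download($root . '/files', '../wp-config.php')); // resolves outside, refused
var_dump(file_exists($root . '/wp-config.php'));                 // stand-in file still present

// Clean up the demo directory.
unlink($root . '/wp-config.php');
rmdir($root . '/files');
rmdir($root);
```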

Fix

RCE

Path traversal


Weakness Enumeration

Related identifiers

CVE-2026-2426

Affected products

Wp-Downloadmanager