CVE-2025-4798: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in gamerz WP-DownloadManager
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.
AI Analysis
Technical Summary
CVE-2025-4798 is a vulnerability identified in the WP-DownloadManager plugin for WordPress, developed by gamerz. This vulnerability affects all versions up to and including 1.68.10. The core issue is an arbitrary file read vulnerability stemming from insufficient restrictions on the directory selection for storing downloads. Specifically, administrators or users with administrator-level privileges can select any directory on the server to store downloadable files without proper validation or restriction. This flaw allows an authenticated attacker with administrator privileges to read any file on the server, including sensitive system and configuration files. The vulnerability is classified under CWE-200, which relates to the exposure of sensitive information to unauthorized actors. The CVSS v3.1 base score is 4.9, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network with low attack complexity, but requires high privileges (administrator access) and no user interaction. The impact is primarily on confidentiality, as attackers can access sensitive data, but there is no impact on integrity or availability. No known exploits are reported in the wild as of the publication date (June 11, 2025), and no patches have been linked yet. The vulnerability is significant because WordPress is a widely used content management system, and WP-DownloadManager is a popular plugin for managing downloadable content. If exploited, attackers could access critical files such as configuration files containing database credentials, private keys, or other sensitive information that could facilitate further attacks or data breaches.
Potential Impact
For European organizations, this vulnerability poses a considerable risk, especially for those relying on WordPress websites with the WP-DownloadManager plugin installed. The exposure of sensitive files can lead to unauthorized disclosure of confidential business information, customer data, or internal credentials. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and potential financial losses. Since the vulnerability requires administrator-level access, the initial compromise vector might be through phishing or credential theft. Once an attacker gains admin access, they can exploit this vulnerability to escalate their access by reading sensitive files. This could also facilitate lateral movement within the organization's network. The impact is heightened for organizations hosting critical services or e-commerce platforms on WordPress, as attackers could extract payment information or intellectual property. Additionally, the lack of patches means organizations must rely on mitigation strategies until an official fix is released, increasing the window of exposure.
Mitigation Recommendations
1. Restrict administrator access strictly: Implement strong access controls and multi-factor authentication (MFA) for all WordPress administrator accounts to reduce the risk of credential compromise. 2. Monitor and audit admin activities: Enable detailed logging of administrator actions within WordPress and the hosting environment to detect suspicious directory changes or file access patterns. 3. Use web application firewalls (WAFs): Deploy a WAF with custom rules to detect and block attempts to exploit arbitrary file read vulnerabilities or unusual file download requests. 4. Isolate WordPress hosting environment: Use containerization or sandboxing techniques to limit the impact of a compromised WordPress instance on the broader network. 5. Regularly update plugins and core: Although no patch is currently available, monitor vendor communications for updates and apply patches promptly once released. 6. Implement file system permissions: Configure the server’s file system permissions to restrict the WordPress process and administrators from accessing sensitive directories outside the intended download storage paths. 7. Conduct penetration testing: Regularly test WordPress installations for this and similar vulnerabilities to identify and remediate weaknesses proactively. 8. Backup critical data: Maintain secure, offline backups of website data and configurations to enable recovery in case of compromise.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-4798: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in gamerz WP-DownloadManager
Description
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.
AI-Powered Analysis
Technical Analysis
CVE-2025-4798 is a vulnerability identified in the WP-DownloadManager plugin for WordPress, developed by gamerz. This vulnerability affects all versions up to and including 1.68.10. The core issue is an arbitrary file read vulnerability stemming from insufficient restrictions on the directory selection for storing downloads. Specifically, administrators or users with administrator-level privileges can select any directory on the server to store downloadable files without proper validation or restriction. This flaw allows an authenticated attacker with administrator privileges to read any file on the server, including sensitive system and configuration files. The vulnerability is classified under CWE-200, which relates to the exposure of sensitive information to unauthorized actors. The CVSS v3.1 base score is 4.9, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network with low attack complexity, but requires high privileges (administrator access) and no user interaction. The impact is primarily on confidentiality, as attackers can access sensitive data, but there is no impact on integrity or availability. No known exploits are reported in the wild as of the publication date (June 11, 2025), and no patches have been linked yet. The vulnerability is significant because WordPress is a widely used content management system, and WP-DownloadManager is a popular plugin for managing downloadable content. If exploited, attackers could access critical files such as configuration files containing database credentials, private keys, or other sensitive information that could facilitate further attacks or data breaches.
Potential Impact
For European organizations, this vulnerability poses a considerable risk, especially for those relying on WordPress websites with the WP-DownloadManager plugin installed. The exposure of sensitive files can lead to unauthorized disclosure of confidential business information, customer data, or internal credentials. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and potential financial losses. Since the vulnerability requires administrator-level access, the initial compromise vector might be through phishing or credential theft. Once an attacker gains admin access, they can exploit this vulnerability to escalate their access by reading sensitive files. This could also facilitate lateral movement within the organization's network. The impact is heightened for organizations hosting critical services or e-commerce platforms on WordPress, as attackers could extract payment information or intellectual property. Additionally, the lack of patches means organizations must rely on mitigation strategies until an official fix is released, increasing the window of exposure.
Mitigation Recommendations
1. Restrict administrator access strictly: Implement strong access controls and multi-factor authentication (MFA) for all WordPress administrator accounts to reduce the risk of credential compromise. 2. Monitor and audit admin activities: Enable detailed logging of administrator actions within WordPress and the hosting environment to detect suspicious directory changes or file access patterns. 3. Use web application firewalls (WAFs): Deploy a WAF with custom rules to detect and block attempts to exploit arbitrary file read vulnerabilities or unusual file download requests. 4. Isolate WordPress hosting environment: Use containerization or sandboxing techniques to limit the impact of a compromised WordPress instance on the broader network. 5. Regularly update plugins and core: Although no patch is currently available, monitor vendor communications for updates and apply patches promptly once released. 6. Implement file system permissions: Configure the server’s file system permissions to restrict the WordPress process and administrators from accessing sensitive directories outside the intended download storage paths. 7. Conduct penetration testing: Regularly test WordPress installations for this and similar vulnerabilities to identify and remediate weaknesses proactively. 8. Backup critical data: Maintain secure, offline backups of website data and configurations to enable recovery in case of compromise.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-15T18:56:10.692Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6848fed43cd93dcca831b15d
Added to database: 6/11/2025, 3:58:12 AM
Last enriched: 7/12/2025, 1:03:18 AM
Last updated: 8/8/2025, 8:23:00 AM
Views: 30
Related Threats
CVE-2025-9016: Uncontrolled Search Path in Mechrevo Control Center GX V2
HighCVE-2025-8451: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpdevteam Essential Addons for Elementor – Popular Elementor Templates & Widgets
MediumCVE-2025-8013: CWE-918 Server-Side Request Forgery (SSRF) in quttera Quttera Web Malware Scanner
LowCVE-2025-6679: CWE-434 Unrestricted Upload of File with Dangerous Type in bitpressadmin Bit Form – Custom Contact Form, Multi Step, Conversational, Payment & Quiz Form builder
CriticalCVE-2025-9013: SQL Injection in PHPGurukul Online Shopping Portal Project
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.