Skip to main content

CVE-2025-4798: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in gamerz WP-DownloadManager

Medium
VulnerabilityCVE-2025-4798cvecve-2025-4798cwe-200
Published: Wed Jun 11 2025 (06/11/2025, 03:41:52 UTC)
Source: CVE Database V5
Vendor/Project: gamerz
Product: WP-DownloadManager

Description

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.

AI-Powered Analysis

AILast updated: 07/12/2025, 01:03:18 UTC

Technical Analysis

CVE-2025-4798 is a vulnerability identified in the WP-DownloadManager plugin for WordPress, developed by gamerz. This vulnerability affects all versions up to and including 1.68.10. The core issue is an arbitrary file read vulnerability stemming from insufficient restrictions on the directory selection for storing downloads. Specifically, administrators or users with administrator-level privileges can select any directory on the server to store downloadable files without proper validation or restriction. This flaw allows an authenticated attacker with administrator privileges to read any file on the server, including sensitive system and configuration files. The vulnerability is classified under CWE-200, which relates to the exposure of sensitive information to unauthorized actors. The CVSS v3.1 base score is 4.9, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network with low attack complexity, but requires high privileges (administrator access) and no user interaction. The impact is primarily on confidentiality, as attackers can access sensitive data, but there is no impact on integrity or availability. No known exploits are reported in the wild as of the publication date (June 11, 2025), and no patches have been linked yet. The vulnerability is significant because WordPress is a widely used content management system, and WP-DownloadManager is a popular plugin for managing downloadable content. If exploited, attackers could access critical files such as configuration files containing database credentials, private keys, or other sensitive information that could facilitate further attacks or data breaches.

Potential Impact

For European organizations, this vulnerability poses a considerable risk, especially for those relying on WordPress websites with the WP-DownloadManager plugin installed. The exposure of sensitive files can lead to unauthorized disclosure of confidential business information, customer data, or internal credentials. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and potential financial losses. Since the vulnerability requires administrator-level access, the initial compromise vector might be through phishing or credential theft. Once an attacker gains admin access, they can exploit this vulnerability to escalate their access by reading sensitive files. This could also facilitate lateral movement within the organization's network. The impact is heightened for organizations hosting critical services or e-commerce platforms on WordPress, as attackers could extract payment information or intellectual property. Additionally, the lack of patches means organizations must rely on mitigation strategies until an official fix is released, increasing the window of exposure.

Mitigation Recommendations

1. Restrict administrator access strictly: Implement strong access controls and multi-factor authentication (MFA) for all WordPress administrator accounts to reduce the risk of credential compromise. 2. Monitor and audit admin activities: Enable detailed logging of administrator actions within WordPress and the hosting environment to detect suspicious directory changes or file access patterns. 3. Use web application firewalls (WAFs): Deploy a WAF with custom rules to detect and block attempts to exploit arbitrary file read vulnerabilities or unusual file download requests. 4. Isolate WordPress hosting environment: Use containerization or sandboxing techniques to limit the impact of a compromised WordPress instance on the broader network. 5. Regularly update plugins and core: Although no patch is currently available, monitor vendor communications for updates and apply patches promptly once released. 6. Implement file system permissions: Configure the server’s file system permissions to restrict the WordPress process and administrators from accessing sensitive directories outside the intended download storage paths. 7. Conduct penetration testing: Regularly test WordPress installations for this and similar vulnerabilities to identify and remediate weaknesses proactively. 8. Backup critical data: Maintain secure, offline backups of website data and configurations to enable recovery in case of compromise.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-05-15T18:56:10.692Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6848fed43cd93dcca831b15d

Added to database: 6/11/2025, 3:58:12 AM

Last enriched: 7/12/2025, 1:03:18 AM

Last updated: 8/15/2025, 7:17:39 AM

Views: 31

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats