CVE-2025-4798 is a vulnerability identified in the WP-DownloadManager plugin for WordPress, developed by gamerz. This vulnerability affects all versions up to and including 1.68.10. The core issue is an arbitrary file read vulnerability stemming from insufficient restrictions on the directory selection for storing downloads. Specifically, administrators or users with administrator-level privileges can select any directory on the server to store downloadable files without proper validation or restriction. This flaw allows an authenticated attacker with administrator privileges to read any file on the server, including sensitive system and configuration files. The vulnerability is classified under CWE-200, which relates to the exposure of sensitive information to unauthorized actors. The CVSS v3.1 base score is 4.9, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network with low attack complexity, but requires high privileges (administrator access) and no user interaction. The impact is primarily on confidentiality, as attackers can access sensitive data, but there is no impact on integrity or availability. No known exploits are reported in the wild as of the publication date (June 11, 2025), and no patches have been linked yet. The vulnerability is significant because WordPress is a widely used content management system, and WP-DownloadManager is a popular plugin for managing downloadable content. If exploited, attackers could access critical files such as configuration files containing database credentials, private keys, or other sensitive information that could facilitate further attacks or data breaches.

For European organizations, this vulnerability poses a considerable risk, especially for those relying on WordPress websites with the WP-DownloadManager plugin installed. The exposure of sensitive files can lead to unauthorized disclosure of confidential business information, customer data, or internal credentials. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and potential financial losses. Since the vulnerability requires administrator-level access, the initial compromise vector might be through phishing or credential theft. Once an attacker gains admin access, they can exploit this vulnerability to escalate their access by reading sensitive files. This could also facilitate lateral movement within the organization's network. The impact is heightened for organizations hosting critical services or e-commerce platforms on WordPress, as attackers could extract payment information or intellectual property. Additionally, the lack of patches means organizations must rely on mitigation strategies until an official fix is released, increasing the window of exposure.

1. Restrict administrator access strictly: Implement strong access controls and multi-factor authentication (MFA) for all WordPress administrator accounts to reduce the risk of credential compromise. 2. Monitor and audit admin activities: Enable detailed logging of administrator actions within WordPress and the hosting environment to detect suspicious directory changes or file access patterns. 3. Use web application firewalls (WAFs): Deploy a WAF with custom rules to detect and block attempts to exploit arbitrary file read vulnerabilities or unusual file download requests. 4. Isolate WordPress hosting environment: Use containerization or sandboxing techniques to limit the impact of a compromised WordPress instance on the broader network. 5. Regularly update plugins and core: Although no patch is currently available, monitor vendor communications for updates and apply patches promptly once released. 6. Implement file system permissions: Configure the server’s file system permissions to restrict the WordPress process and administrators from accessing sensitive directories outside the intended download storage paths. 7. Conduct penetration testing: Regularly test WordPress installations for this and similar vulnerabilities to identify and remediate weaknesses proactively. 8. Backup critical data: Maintain secure, offline backups of website data and configurations to enable recovery in case of compromise.