WordPress.Download.Manager.wpdm_upload_icons.Code.Execution

description-logoDescription

This indicates an attack attempt against a Code Exectuion vulnerability in WordPress Download Manager.
The vulnerability is caused by an error when the vulnerable software handles a http request with malicious wpdm_ajax_call action. It allows a remote attacker to gain control vulnerable systems via a crafted http request.

affected-products-logoAffected Products

WordPress Download Manager before 2.7.5

Impact logoImpact

System Compromise: Remote attacker can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the web site.
https://wordpress.org/plugins/download-manager/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)