High Severity Vulnerability Patched in Download Manager Plugin


On July 8, 2022, the Wordfence Threat Intelligence team started the responsible disclosure procedure for a vulnerability we found in “Download Manager,” a WordPress plugin used by more than 100,000 websites.

An attacker who has permission to create downloads might use this issue to remove any file that is hosted on the server. We made an effort to contact the developer on July 8, 2022, the day we learned of the issue. Read More…