CVE-2022-3076

Published: Sep 26, 2022Modified: May 22, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

Affected (1)

Products: Cminds: Cm Download Manager

1 product

Cm Download Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cminds Cm Download Manager	Before 2.8.6

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd

Source: contact@wpscan.com

ExploitPatchThird Party Advisory

https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.