Critical Remote Code Execution Flaw Found in WordPress Plugin
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads, and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site.
The vulnerability is in the WP Download Manager, versions 2.7.4 and lower, and it could be used to implant a backdoor on a vulnerable site or get access to administrative accounts. Researchers at Sucuri discovered the vulnerability, and a fixed version of the WP Download Manager plugin was released earlier this week.