CVE-2020-24146

8.1 HIGH

📋 TL;DR

This vulnerability allows authorized WordPress users to perform directory traversal attacks via the CM Download Manager plugin, enabling them to delete arbitrary files on the server. This can lead to denial of service by deleting critical system files. Only WordPress sites running the vulnerable plugin version are affected.

💻 Affected Systems

Products:
  • CM Download Manager WordPress Plugin
Versions: 2.7.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authorized WordPress user account; vulnerability exists in default plugin configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical operating system files, leading to permanent data loss and extended service downtime.

🟠 Likely Case

Unauthorized deletion of WordPress files causing website malfunction, data loss, and temporary denial of service.

🟢 If Mitigated

Limited impact with proper file permissions and monitoring, potentially only affecting non-critical files within the web directory.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated WordPress user access; directory traversal via fileName parameter is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.1 or later

Vendor Advisory: https://wordpress.org/plugins/cm-download-manager/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find CM Download Manager.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable Plugin (all)

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate cm-download-manager

Restrict User Permissions (all)

Limit WordPress user roles that can access plugin functionality.

🧯 If You Can't Patch

  • Implement strict file permission controls on web server directories
  • Deploy web application firewall rules to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > CM Download Manager version; if version is 2.7.0, system is vulnerable.

Check Version:

wp plugin get cm-download-manager --field=version

Verify Fix Applied:

Confirm plugin version is 2.7.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'deletescreenshot' action with '../' sequences in parameters
  • Unexpected file deletion events in system logs

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with fileName parameter containing path traversal sequences

SIEM Query:

source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND (param="fileName" AND value="*../*")
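As an added example (not part of this advisory), the following Python detector applies the log indicators above to constructed access-log lines: it parses each request line, keeps only admin-ajax.php requests, percent-decodes the fileName parameter until stable so encoded traversal sequences are also caught, and returns a finding per hit. It assumes a combined-log-format access log in which the parameters appear in the query string; parameters sent only in a POST body do not appear in a standard access log and would need request-body logging or WAF logs instead.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic). Line 3 carries a
# double percent-encoded traversal that a literal "../" match would miss.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-admin/admin-ajax.php?action=deletescreenshot&fileName=shot1.png HTTP/1.1" 200 12
10.0.0.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=deletescreenshot&fileName=../../index.php HTTP/1.1" 200 12
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=deletescreenshot&fileName=%252e%252e%252fsettings.php HTTP/1.1" 200 12
10.0.0.3 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-content/uploads/2024/01/image.png HTTP/1.1" 200 5000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")  # "../" or "..\" after decoding

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(line):
    """Return a finding dict for a suspicious admin-ajax.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-log-format request line
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    for raw in params.get("fileName", []):
        name = decode_fully(raw)
        if TRAVERSAL_RE.search(name):
            return {"ip": m.group("ip"), "action": params.get("action", [""])[0], "fileName": name}
    return None

def scan_log(text):
    """Scan a whole log and return the findings in order of appearance."""
    return [f for f in map(is_traversal_attempt, text.splitlines()) if f]
```

Run over the constructed sample, scan_log flags the second and third lines only; a real deployment would feed it the web server's access log and forward findings to the SIEM query above.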
