CVE-2025-1785 – The Download Manager plugin for WordPress has a... (How to Fix)

Q: What is the severity of CVE-2025-1785?

CVE-2025-1785 has a CVSS score of 5.4 (MEDIUM). The Download Manager plugin for WordPress has a directory traversal vulnerability that allows authenticated attackers with Author-level permissions or higher to overwrite certain file types outside intended directories. This affects all versions up to 3.3.08 and could lead to denial of service.

📋 TL;DR

The Download Manager plugin for WordPress has a directory traversal vulnerability that allows authenticated attackers with Author-level permissions or higher to overwrite certain file types outside intended directories. This affects all versions up to 3.3.08 and could lead to denial of service.

💻 Affected Systems

Products:

WordPress Download Manager plugin

Versions: All versions up to and including 3.3.08

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Download Manager plugin enabled and at least one user with Author role or higher.

📦 What is this software?

Download Manager by W3eden

View all CVEs affecting Download Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could overwrite critical WordPress files, causing complete site unavailability or potentially enabling further exploitation if combined with other vulnerabilities.

🟠

Likely Case

Attackers with Author access could overwrite plugin files or uploads, causing partial site functionality loss or defacement.

🟢

If Mitigated

With proper access controls and file permission restrictions, impact is limited to non-critical file overwrites within the uploads directory.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.09 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3252990%40download-manager&new=3252990%40download-manager&sfp_email=&sfph_mail=#file4

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Download Manager' and click 'Update Now'. 4. Verify version is 3.3.09 or higher.

🔧 Temporary Workarounds

Temporarily disable plugin

all

Disable the Download Manager plugin until patched

wp plugin deactivate download-manager

Restrict Author role permissions

all

Remove Author role users or restrict their capabilities

🧯 If You Can't Patch

Implement strict file permission controls on web server directories
Monitor for suspicious file modification activity in WordPress uploads directory

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Download Manager version. If version is 3.3.08 or lower, system is vulnerable.

Check Version:

wp plugin get download-manager --field=version

Verify Fix Applied:

After update, confirm Download Manager version is 3.3.09 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Multiple failed file upload attempts
Unusual file modification patterns in wp-content/uploads
wpdm_newfile action with suspicious parameters

Network Indicators:

POST requests to wp-admin/admin-ajax.php with wpdm_newfile action containing directory traversal sequences

SIEM Query:

source="web_server" AND (uri="/wp-admin/admin-ajax.php" AND post_data CONTAINS "wpdm_newfile" AND (post_data CONTAINS "../" OR post_data CONTAINS "..\"))

📊 Metadata

CVE ID: CVE-2025-1785

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE: CWE-22

EPSS Score: 0.98% exploit probability (76.3th percentile)

Published: March 13, 2025

Last Updated: July 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1785, you might also want to check these: