Security Advisory

CVE-2025-2048

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-01 06:00:05

Last updated 2025-04-01 14:58:56

Assigner WPScan

State PUBLISHED

Description

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server

← Browse all CVEs View on cve.org ↗