Description:

wdm_ajax_settings() is accessible to every registered user.

File: download-managerhooks.php


Using wdm_ajax_settings() we can execute basic_settings().

File: download-managerwpdm-core.php


Using basic_settings() we can update any WordPress option, for example default_role or blogname.

File: download-managerwpdm-core.php

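For contrast with the flow described above, here is a hardened AJAX settings handler, added as an example and not taken from the plugin or its patch. The handler name, nonce action, AJAX action and option keys are hypothetical; the WordPress functions are the standard core API.

```php
<?php
// Added example: hypothetical hardened handler, not the plugin's own code.
// Assumed names: example_wdm_ajax_settings, the nonce/AJAX actions, the option keys.

// Only options this plugin owns may be written through the endpoint.
const EXAMPLE_WDM_ALLOWED_OPTIONS = array(
    '_example_wdm_login_msg',
    '_example_wdm_file_browser_root',
);

function example_wdm_ajax_settings() {
    // 1. Authorization: a wp_ajax_* hook fires for every logged-in user,
    //    so the handler has to check the capability itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF: require a nonce bound to this action (request dies on failure).
    check_ajax_referer( 'example_wdm_save_settings', 'nonce' );

    // 3. Input: option names come from the fixed allowlist, never from the
    //    request, so core options such as default_role or blogname cannot
    //    be reached from this endpoint.
    $updated = array();
    foreach ( EXAMPLE_WDM_ALLOWED_OPTIONS as $name ) {
        if ( ! isset( $_POST[ $name ] ) || ! is_string( $_POST[ $name ] ) ) {
            continue; // missing or non-scalar value: skip it
        }
        $value = sanitize_text_field( wp_unslash( $_POST[ $name ] ) );
        update_option( $name, $value );
        $updated[] = $name;
    }

    wp_send_json_success( array( 'updated' => $updated ) );
}

// Registered for logged-in users only; there is no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_example_wdm_settings', 'example_wdm_ajax_settings' );
```

A quick review check for this class of bug: every function hooked to wp_ajax_* that ends in update_option() should have both a capability check and a fixed set of writable option names.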

The post WordPress Download Manager 2.7.2 Privilege Escalation appeared first on WP Security Bloggers.
