Description:

wdm_ajax_settings() is accessible to every registered user.

File: download-managerhooks.php

Using wdm_ajax_settings() we can execute basic_settings().

File: download-managerwpdm-core.php

Using basic_settings() we can update any WordPress option, for example default_role or blogname.

File: download-managerwpdm-core.php

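A settings handler with the checks this issue turns on, as an added example (not the plugin's code or its patch). The `example_*` names, the `settings` and `nonce` request fields and the allowlisted option names are assumptions made for illustration.

```php
<?php
// Added illustration, not Download Manager code. All "example_" names are hypothetical.

// Only these options may be written through this endpoint (assumed allowlist).
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_plugin_page_size', 'example_plugin_link_label' );

// wp_ajax_{action} fires for every logged-in user, subscribers included,
// so the handler itself has to enforce authorization.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Capability check: only users allowed to manage site options get past here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // sends the response and exits
    }

    // 2. Nonce check: the request must originate from the settings form
    //    that embedded this nonce (exits on failure by default).
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 3. Request data supplies values only; option names come from the allowlist.
    $submitted = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $saved = array();
    foreach ( EXAMPLE_ALLOWED_OPTIONS as $name ) {
        if ( isset( $submitted[ $name ] ) && is_scalar( $submitted[ $name ] ) ) {
            update_option( $name, sanitize_text_field( (string) $submitted[ $name ] ) );
            $saved[] = $name;
        }
    }

    // Core options such as default_role or blogname are not in the allowlist,
    // so they are ignored even when present in the request.
    wp_send_json_success( array( 'saved' => $saved ) );
}
```

On a site that ran an affected version, the current values of default_role and the list of administrator accounts are worth reviewing, since both can be changed through an unrestricted option write.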

The post WordPress Download Manager 2.7.2 Privilege Escalation appeared first on WP Security Bloggers.
