Description:

wdm_ajax_settings() is accessible to every registered user.

File: download-managerhooks.php


Using wdm_ajax_settings() we can execute basic_settings().

File: download-managerwpdm-core.php


Using basic_settings() we can update any WordPress option, for example: default_role or blogname.

File: download-managerwpdm-core.php

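A hardened form of the pattern described above, as an added example that is not Download Manager's own code: an AJAX settings handler that checks capability and nonce and writes only allowlisted options. The action, nonce and option names are hypothetical, and the example assumes the handler is registered through WordPress's `wp_ajax_` hook.

```php
<?php
// Hypothetical plugin code: the action name, nonce name and option names are
// assumptions for this example, not Download Manager identifiers.

// Options this handler may write. Core options such as default_role or
// blogname are absent, so a request naming them is ignored.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_plugin_page_title',
    'example_plugin_items_per_page',
);

// wp_ajax_{action} fires for every logged-in user, subscribers included,
// so the callback has to do its own authorization.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Authorization: only users who can manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF: the nonce is issued on the admin settings form.
    //    check_ajax_referer() ends the request when it is missing or invalid.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 3. Write only allowlisted keys; never loop over $_POST into update_option().
    $submitted = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $saved = array();
    foreach ( EXAMPLE_ALLOWED_OPTIONS as $name ) {
        if ( ! isset( $submitted[ $name ] ) || ! is_scalar( $submitted[ $name ] ) ) {
            continue;
        }
        update_option( $name, sanitize_text_field( $submitted[ $name ] ) );
        $saved[] = $name;
    }

    wp_send_json_success( array( 'saved' => $saved ) );
}
```

When reviewing other plugins for the same flaw, look for `wp_ajax_` callbacks that reach `update_option()` without a preceding `current_user_can()` check.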

The post WordPress Download Manager 2.7.2 Privilege Escalation appeared first on WP Security Bloggers.
