CVE-2025-30910 – WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability

https://notcve.org/view.php?id=CVE-2025-30910

27 Mar 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager allows Path Traversal. This issue affects CM Download Manager: from n/a through 2.9.6. The CM Download Manager – Simplify file sharing with powerful download management plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletescreenshot() function in all versions up to, and including, 2.9.6. This makes it possibl... • https://patchstack.com/database/wordpress/plugin/cm-download-manager/vulnerability/wordpress-cm-download-manager-plugin-2-9-6-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •