CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2048 – Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
https://notcve.org/view.php?id=CVE-2025-2048
01 Apr 2025 — The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server • https://wpscan.com/vulnerability/05c664e8-110e-4a31-8377-41a0422508a7 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2392 – Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
https://notcve.org/view.php?id=CVE-2022-2392
01 Aug 2022 — The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. El plugin Lana Downloads Manager de WordPress versiones anteriores a 1.8.0, está afectado por una vulnerabilidad de descarga de archivos arbitraria que puede ser explotada por usuarios con permisos "Contributor" o superiores. The Lana Downloads Manager plugin for WordPress is vulnerable to arbitrary file downloads in version... • https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •