Vulnerability Details CVE-2022-3076
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.8%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2022-3076
-
cpe:2.3:a:cminds:cm_download_manager:1.0
-
cpe:2.3:a:cminds:cm_download_manager:1.0.2
-
cpe:2.3:a:cminds:cm_download_manager:1.0.3
-
cpe:2.3:a:cminds:cm_download_manager:1.1
-
cpe:2.3:a:cminds:cm_download_manager:1.2
-
cpe:2.3:a:cminds:cm_download_manager:1.3
-
cpe:2.3:a:cminds:cm_download_manager:1.3.3
-
cpe:2.3:a:cminds:cm_download_manager:1.3.5
-
cpe:2.3:a:cminds:cm_download_manager:1.3.6
-
cpe:2.3:a:cminds:cm_download_manager:1.5.2
-
cpe:2.3:a:cminds:cm_download_manager:1.5.3
-
cpe:2.3:a:cminds:cm_download_manager:1.5.5
-
cpe:2.3:a:cminds:cm_download_manager:1.5.6
-
cpe:2.3:a:cminds:cm_download_manager:1.5.7
-
cpe:2.3:a:cminds:cm_download_manager:1.5.8
-
cpe:2.3:a:cminds:cm_download_manager:1.6.0
-
cpe:2.3:a:cminds:cm_download_manager:1.6.1
-
cpe:2.3:a:cminds:cm_download_manager:1.6.2
-
cpe:2.3:a:cminds:cm_download_manager:1.6.3
-
cpe:2.3:a:cminds:cm_download_manager:1.6.5
-
cpe:2.3:a:cminds:cm_download_manager:1.6.7
-
cpe:2.3:a:cminds:cm_download_manager:1.7.2
-
cpe:2.3:a:cminds:cm_download_manager:1.8.0
-
cpe:2.3:a:cminds:cm_download_manager:1.8.1
-
cpe:2.3:a:cminds:cm_download_manager:1.9.4
-
cpe:2.3:a:cminds:cm_download_manager:1.9.5
-
cpe:2.3:a:cminds:cm_download_manager:2.0.10
-
cpe:2.3:a:cminds:cm_download_manager:2.0.11
-
cpe:2.3:a:cminds:cm_download_manager:2.0.12
-
cpe:2.3:a:cminds:cm_download_manager:2.0.13
-
cpe:2.3:a:cminds:cm_download_manager:2.0.14
-
cpe:2.3:a:cminds:cm_download_manager:2.0.15
-
cpe:2.3:a:cminds:cm_download_manager:2.0.17
-
cpe:2.3:a:cminds:cm_download_manager:2.0.4
-
cpe:2.3:a:cminds:cm_download_manager:2.0.6
-
cpe:2.3:a:cminds:cm_download_manager:2.0.7
-
cpe:2.3:a:cminds:cm_download_manager:2.1.0
-
cpe:2.3:a:cminds:cm_download_manager:2.1.1
-
cpe:2.3:a:cminds:cm_download_manager:2.1.5
-
cpe:2.3:a:cminds:cm_download_manager:2.2.0
-
cpe:2.3:a:cminds:cm_download_manager:2.2.4
-
cpe:2.3:a:cminds:cm_download_manager:2.2.7
-
cpe:2.3:a:cminds:cm_download_manager:2.5.0
-
cpe:2.3:a:cminds:cm_download_manager:2.5.1
-
cpe:2.3:a:cminds:cm_download_manager:2.5.11
-
cpe:2.3:a:cminds:cm_download_manager:2.5.15
-
cpe:2.3:a:cminds:cm_download_manager:2.5.16
-
cpe:2.3:a:cminds:cm_download_manager:2.5.17
-
cpe:2.3:a:cminds:cm_download_manager:2.5.2
-
cpe:2.3:a:cminds:cm_download_manager:2.5.5
-
cpe:2.3:a:cminds:cm_download_manager:2.5.6
-
cpe:2.3:a:cminds:cm_download_manager:2.5.8
-
cpe:2.3:a:cminds:cm_download_manager:2.6.0
-
cpe:2.3:a:cminds:cm_download_manager:2.6.3
-
cpe:2.3:a:cminds:cm_download_manager:2.7.0
-
cpe:2.3:a:cminds:cm_download_manager:2.8.0
-
cpe:2.3:a:cminds:cm_download_manager:2.8.1
-
cpe:2.3:a:cminds:cm_download_manager:2.8.4
-
cpe:2.3:a:cminds:cm_download_manager:2.8.5