Vulnerability Details CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.3%
CVSS Severity
CVSS v3 Score 4.1
Products affected by CVE-2025-2048
-
cpe:2.3:a:lana:lana_downloads_manager:-
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.1
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.2
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.3
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.4
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.5
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.6
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.7
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.8
-
cpe:2.3:a:lana:lana_downloads_manager:1.0.9
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.1
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.2
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.3
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.4
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.5
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.6
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.7
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.8
-
cpe:2.3:a:lana:lana_downloads_manager:1.1.9
-
cpe:2.3:a:lana:lana_downloads_manager:1.2.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.2.1
-
cpe:2.3:a:lana:lana_downloads_manager:1.2.2
-
cpe:2.3:a:lana:lana_downloads_manager:1.3.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.4.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.4.1
-
cpe:2.3:a:lana:lana_downloads_manager:1.5.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.6.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.7.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.7.1
-
cpe:2.3:a:lana:lana_downloads_manager:1.8.0
-
cpe:2.3:a:lana:lana_downloads_manager:1.8.1
-
cpe:2.3:a:lana:lana_downloads_manager:1.8.2
-
cpe:2.3:a:lana:lana_downloads_manager:1.9.0