Lana: >> Lana Downloads Manager >> 1.0.4 Security Vulnerabilities
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server
CVSS Score
4.1
EPSS Score
0.001
Published
2025-04-01
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-08-22