VIR Vulnerability Intelligence Relay

CVE-2014-8585

medium
Published 2014-11-04 ยท Modified 2026-05-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.0

Description

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
w3edendownload_manager1.1
w3edendownload_manager1.2
w3edendownload_manager1.2.1
w3edendownload_manager1.2.2
w3edendownload_manager1.2.3
w3edendownload_manager1.2.4
w3edendownload_manager1.2.5
w3edendownload_manager1.3
w3edendownload_manager1.4
w3edendownload_manager1.5
w3edendownload_manager1.5.1
w3edendownload_manager1.5.2
w3edendownload_manager1.5.3
w3edendownload_manager1.5.9
w3edendownload_manager1.5.32
w3edendownload_manager1.5.33
w3edendownload_manager2.0.1
w3edendownload_manager2.0.2
w3edendownload_manager2.0.3
w3edendownload_manager2.0.4
w3edendownload_manager2.0.5
w3edendownload_manager2.0.6
w3edendownload_manager2.0.7
w3edendownload_manager2.0.8
w3edendownload_manager2.0.9
w3edendownload_manager2.0.10
w3edendownload_manager2.0.11
w3edendownload_manager2.0.12
w3edendownload_manager2.0.13
w3edendownload_manager2.0.14
w3edendownload_manager2.0.15
w3edendownload_manager2.0.16
w3edendownload_manager2.0.17
w3edendownload_manager2.0.18
w3edendownload_manager2.0.19
w3edendownload_manager2.1.0
w3edendownload_manager2.1.1
w3edendownload_manager2.1.2
w3edendownload_manager2.1.3
w3edendownload_manager2.2.0
w3edendownload_manager2.2.1
w3edendownload_manager2.2.2
w3edendownload_manager2.2.3
w3edendownload_manager2.2.4
w3edendownload_manager2.2.5
w3edendownload_manager2.2.6
w3edendownload_manager2.2.7
w3edendownload_manager2.2.8
w3edendownload_manager2.2.9
w3edendownload_manager2.3.0
w3edendownload_manager2.3.1
w3edendownload_manager2.3.2
w3edendownload_manager2.3.3
w3edendownload_manager2.3.4
w3edendownload_manager2.3.5
w3edendownload_manager2.3.6
w3edendownload_manager2.3.7
w3edendownload_manager2.3.8
w3edendownload_manager2.3.9
w3edendownload_manager2.4.0
w3edendownload_manager2.4.1
w3edendownload_manager2.4.2
w3edendownload_manager2.4.3
w3edendownload_manager2.4.4
w3edendownload_manager2.4.5
w3edendownload_manager2.4.6
w3edendownload_manager2.4.7
w3edendownload_manager2.4.8
w3edendownload_manager2.4.9
w3edendownload_manager2.5.0
w3edendownload_manager2.5.1
w3edendownload_manager2.5.2
w3edendownload_manager2.5.3
w3edendownload_manager2.5.4
w3edendownload_manager2.5.5
w3edendownload_manager2.5.6
w3edendownload_manager2.5.7
w3edendownload_manager2.5.8
w3edendownload_manager2.5.9
w3edendownload_manager2.5.91
w3edendownload_manager2.5.92
w3edendownload_manager2.5.93
w3edendownload_manager2.5.94
w3edendownload_manager2.5.95
w3edendownload_manager2.5.96
w3edendownload_manager2.5.97
w3edendownload_manager2.5.98
w3edendownload_manager2.5.99
w3edendownload_manager2.6.0
w3edendownload_manager2.6.1
w3edendownload_manager2.6.2
w3edendownload_manager2.6.3
w3edendownload_manager2.6.4
w3edendownload_manager2.6.5
w3edendownload_manager2.6.6
w3edendownload_manager2.6.7
w3edendownload_manager2.6.8
w3edendownload_manager2.6.9
w3edendownload_manager2.6.91
w3edendownload_manager2.6.92
w3edendownload_manager2.6.93
w3edendownload_manager2.6.94
w3edendownload_manager2.6.95
w3edendownload_manager2.6.96

References

CWEs

CWE-59

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.