CVE-2014-9260

EUVD-2014-9085
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
w3edendownload_manager
𝑥
< 2.7.3
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/130690/WordPress-Download-Manager-2.7.2-Privilege-Escalation.html
http://packetstormsecurity.com/files/130690/WordPress-Download-Manager-2.7.2-Privilege-Escalation.html