CVE-2019-25727NVD

Description

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server.

Severity Level

CRITICAL (9.8)

Published Date

04/06/2026

Last Modified

04/06/2026

Exploitation Status

????

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

References

https://www.exploit-db.com/exploits/46252
https://web-dorado.com/products/wordpress-ad-manager-wd.html
https://www.vulncheck.com/advisories/wordpress-plugin-ad-manager-wd-arbitrary-file-download