Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 05 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ad-manager-wd
Ad-manager-wd ad Manager Wd Wordpress Wordpress wordpress |
|
| Vendors & Products |
Ad-manager-wd
Ad-manager-wd ad Manager Wd Wordpress Wordpress wordpress |
Thu, 04 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 04 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server. | |
| Title | WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-04T13:42:44.345Z
Reserved: 2026-06-04T10:38:55.477Z
Link: CVE-2019-25727
Updated: 2026-06-04T13:42:41.150Z
Status : Deferred
Published: 2026-06-04T14:16:30.190
Modified: 2026-06-04T15:00:40.757
Link: CVE-2019-25727
No data.
OpenCVE Enrichment
Updated: 2026-06-05T10:07:59Z