{"id":33857,"date":"2025-04-29T23:02:22","date_gmt":"2025-04-29T23:02:22","guid":{"rendered":""},"modified":"2025-09-08T10:19:24","modified_gmt":"2025-09-08T16:19:24","slug":"cve-2025-3404-wordpress-download-manager-arbitrary-file-deletion-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-3404-wordpress-download-manager-arbitrary-file-deletion-vulnerability\/","title":{"rendered":"<strong>CVE-2025-3404: WordPress Download Manager Arbitrary File Deletion Vulnerability<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-3404 is a critical vulnerability in the Download Manager plugin for WordPress, affecting all versions up to and including 3.3.12. This vulnerability can lead to arbitrary file deletion, potentially rendering a website non-functional or even allowing an attacker to execute remote code. This advisory outlines the specifics of the vulnerability, who it affects, its potential consequences, and how to mitigate it. As WordPress is widely used across the internet, this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32849-vulnerability-in-telecontrol-server-basic-leads-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"39541\">vulnerability carries significant risk for unpatched systems<\/a>.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-3404<br \/>\nSeverity: High (CVSS: 8.8)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: High (Author-level access and above)<br \/>\nUser Interaction: Required<br \/>\nImpact: Potential <a href=\"https:\/\/www.ameeba.com\/blog\/yale-new-haven-health-system-data-breach-a-comprehensive-analysis-of-a-cybersecurity-breach-impacting-5-5-million-patients\/\"  data-wpil-monitor-id=\"39542\">system compromise or data<\/a> leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-270260181\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3671-critical-local-file-inclusion-vulnerability-in-wpgym-wordpress-gym-management-system-plugin\/\"  data-wpil-monitor-id=\"80516\">WordPress Download Manager<\/a> | Versions up to and including 3.3.12<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-44755-critical-sql-injection-vulnerability-in-sacco-management-system-v1-0\/\"  data-wpil-monitor-id=\"39633\">vulnerability lies in the savePackage function of the Download Manager<\/a> plugin, which does not properly validate file paths. With this, an attacker with author-level access can craft a request to the server to delete <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-43958-arbitrary-file-upload-vulnerability-in-hospital-management-system-v4-0\/\"  data-wpil-monitor-id=\"39669\">arbitrary files<\/a>. If the attacker chooses to delete a critical file, like wp-config.php, it can lead to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28039-pre-auth-remote-command-execution-vulnerability-in-totolink-ex1200t\/\"  data-wpil-monitor-id=\"39540\">remote code execution<\/a>, thus compromising the system.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3910903611\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a conceptual example of how an <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3200-unauthenticated-remote-attacker-exploiting-insecure-tls-protocols\/\"  data-wpil-monitor-id=\"40821\">attacker might exploit<\/a> this vulnerability. It&#8217;s an HTTP request that instructs the server to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3065-arbitrary-file-deletion-vulnerability-in-database-toolset-plugin\/\"  data-wpil-monitor-id=\"40229\">delete a specific file<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/wp-admin\/admin-ajax.php?action=wpdm_save_package HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\n_ID=1&amp;__wpdmfile[files][]=..\/..\/..\/..\/wp-config.php<\/code><\/pre>\n<p>In the above example, the attacker is instructing the server to delete the wp-config.php file, which is a crucial <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3914-potential-arbitrary-file-uploads-and-system-compromise-in-aeropage-sync-for-airtable-wordpress-plugin\/\"  data-wpil-monitor-id=\"40562\">file in a WordPress<\/a> installation. Deleting this can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32857-sql-injection-vulnerability-in-telecontrol-server-basic-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"39902\">lead to a system<\/a> compromise.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Users of the WordPress <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3616-arbitrary-file-upload-vulnerability-in-greenshift-wordpress-plugin\/\"  data-wpil-monitor-id=\"39901\">Download Manager<\/a> plugin should immediately apply the vendor patch to fix this vulnerability. If a patch cannot be applied immediately, a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can be used as temporary mitigation. These systems can be <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3101-privilege-escalation-vulnerability-in-configurator-theme-core-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"40306\">configured to block requests that attempt to exploit this vulnerability<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-3404 is a critical vulnerability in the Download Manager plugin for WordPress, affecting all versions up to and including 3.3.12. This vulnerability can lead to arbitrary file deletion, potentially rendering a website non-functional or even allowing an attacker to execute remote code. This advisory outlines the specifics of the vulnerability, who it affects, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-33857","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/33857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=33857"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/33857\/revisions"}],"predecessor-version":[{"id":72939,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/33857\/revisions\/72939"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=33857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=33857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=33857"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=33857"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=33857"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=33857"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=33857"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=33857"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=33857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}