# Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 # Google Dork: inurl:"/wp-content/plugins/download-manager # Date: 24 may, 2019 # Exploit Author: Princy Edward # Exploit Author Blog : https://prinyedward.blogspot.com/ # Vendor Homepage: https://www.wpdownloadmanager.com/ # Software Link: https://wordpress.org/plugins/download-manager/ # Tested on: Apache/2.2.24 (CentOS) POC #1 There is no CSRF nonce check performed in "POST /wp-admin/admin-ajax.php?action=wpdm_save_email_setting" request. #Code
#2 There is no CSRF nonce check performed in "POST /wp-admin/edit.php?post_type=wpdmpro&page=templates&_type=email&task=EditEmailTemplat e&id=default" request. #Code