The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.1%.
RCE
WordPress
PHP
Code Injection
Cm Download Manager
NVD
Exploit-DB
CVSS 2.0
10.0
EPSS
30.1%
Threat
4.4