Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpdownloadmanager download manager vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-36288
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-2431
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon downl...
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call ...
Wpdownloadmanager Wordpress Download Manager
7.5
CVSSv3
CVE-2022-2362
The Download Manager WordPress plugin prior to 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
Wpdownloadmanager Wordpress Download Manager
6.1
CVSSv3
CVE-2022-1985
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-if...
Wpdownloadmanager Wordpress Download Manager
7.5
CVSSv3
CVE-2023-6421
The Download Manager WordPress plugin prior to 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-34347
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
6.5
CVSSv3
CVE-2021-34638
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing c...
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2021-34639
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3...
Wpdownloadmanager Wordpress Download Manager
5.4
CVSSv3
CVE-2021-24969
The WordPress Download Manager WordPress plugin prior to 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any aut...
Wpdownloadmanager Wordpress Download Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »