Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpdownloadmanager download manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4476
The Download Manager WordPress plugin prior to 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-...
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2022-36288
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2022-2101
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with co...
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2022-2362
The Download Manager WordPress plugin prior to 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
Wpdownloadmanager Wordpress Download Manager
5
CVSSv2
CVE-2021-25087
The Download Manager WordPress plugin prior to 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated malicious users to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) a...
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call ...
Wpdownloadmanager Wordpress Download Manager
4.3
CVSSv2
CVE-2019-15889
The download-manager plugin prior to 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
Wpdownloadmanager Wordpress Download Manager
1 EDB exploit
4.3
CVSSv2
CVE-2017-2216
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
3.5
CVSSv2
CVE-2021-24969
The WordPress Download Manager WordPress plugin prior to 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any aut...
Wpdownloadmanager Wordpress Download Manager
4.3
CVSSv2
CVE-2022-1985
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-if...
Wpdownloadmanager Wordpress Download Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »