Vulmon
wpdownloadmanager download manager vulnerabilities and exploits
VMScore: 445
CVE-2021-25087
The Download Manager WordPress plugin prior to 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated malicious users to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) a...
Wpdownloadmanager Wordpress Download Manager
VMScore: NA
CVE-2022-34658
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
VMScore: 445
CVE-2022-0828
The Download Manager WordPress plugin prior to 3.2.34 uses the uniqid PHP function to generate the master key for a download, allowing a malicious user to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or passwor...
Wpdownloadmanager Wordpress Download Manager
VMScore: 435
CVE-2019-15889
The download-manager plugin prior to 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
Wpdownloadmanager Wordpress Download Manager
1 EDB exploit
VMScore: 312
CVE-2021-24773
The WordPress Download Manager WordPress plugin prior to 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed.
Wpdownloadmanager Wordpress Download Manager
VMScore: 383
CVE-2017-2216
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
VMScore: 516
CVE-2017-2217
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
VMScore: 383
CVE-2017-18032
The download-manager plugin prior to 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
Wpdownloadmanager Wordpress Download Manager
VMScore: 383
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
Wpdownloadmanager Wordpress Download Manager 2.8.99
VMScore: NA
CVE-2023-22713
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.
Wpdownloadmanager Gutenberg Blocks For Wordpress Download Manager