Vulmon
wpdownloadmanager download manager vulnerabilities and exploits
4.3
CVSSv2
CVE-2017-18032
The download-manager plugin prior to 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
Wpdownloadmanager Wordpress Download Manager
5.8
CVSSv2
CVE-2017-2217
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
5
CVSSv2
CVE-2022-0828
The Download Manager WordPress plugin prior to 3.2.34 uses the uniqid php function to generate the master key for a download, allowing a malicious user to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or passwor...
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2023-2305
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output es...
Wpdownloadmanager Wordpress Download Manager
4
CVSSv2
CVE-2021-34638
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing c...
Wpdownloadmanager Wordpress Download Manager
6.5
CVSSv2
CVE-2021-34639
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3...
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2022-34347
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2023-6421
The Download Manager WordPress plugin prior to 3.2.83 does not protect file downloads' passwords, leaking them upon receiving an invalid one.
Wpdownloadmanager Wordpress Download Manager
4.3
CVSSv2
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
Wpdownloadmanager Wordpress Download Manager 2.8.99
NA
CVE-2023-22713
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.
Wpdownloadmanager Gutenberg Blocks For Wordpress Download Manager