Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpdownloadmanager wordpress download manager vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-34638
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing c...
Wpdownloadmanager Wordpress Download Manager
7.5
CVSSv3
CVE-2021-25087
The Download Manager WordPress plugin prior to 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated malicious users to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) a...
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-2431
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon downl...
Wpdownloadmanager Wordpress Download Manager
4.3
CVSSv3
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
Wpdownloadmanager Wordpress Download Manager 2.8.99
5.4
CVSSv3
CVE-2023-22713
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.
Wpdownloadmanager Gutenberg Blocks For Wordpress Download Manager
7.5
CVSSv3
CVE-2023-1809
The Download Manager WordPress plugin prior to 6.3.0 leaks master key information without the need for a password, allowing malicious users to download arbitrary password-protected package files.
Wpdownloadmanager Download Manager
6.1
CVSSv3
CVE-2022-2168
The Download Manager WordPress plugin prior to 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting
Wpdownloadmanager Download Manager
8.8
CVSSv3
CVE-2021-25069
The Download Manager WordPress plugin prior to 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
Wpdownloadmanager Download Manager
6.5
CVSSv3
CVE-2023-1524
The Download Manager WordPress plugin prior to 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user ...
Wpdownloadmanager Download Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3