Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download manager vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-1524
The Download Manager WordPress plugin prior to 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user ...
Wpdownloadmanager Download Manager
6.1
CVSSv3
CVE-2022-45836
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.
Wpdownloadmanager Download Manager
4.8
CVSSv3
CVE-2021-24773
The WordPress Download Manager WordPress plugin prior to 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed
Wpdownloadmanager Wordpress Download Manager
5.4
CVSSv3
CVE-2021-24969
The WordPress Download Manager WordPress plugin prior to 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any aut...
Wpdownloadmanager Wordpress Download Manager
7.5
CVSSv3
CVE-2022-2362
The Download Manager WordPress plugin prior to 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
Wpdownloadmanager Wordpress Download Manager
6.5
CVSSv3
CVE-2021-34638
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing c...
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2021-34639
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3...
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-36288
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
9.8
CVSSv3
CVE-2016-6567
SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is au...
Shdesigns Resident Download Manager -
6.1
CVSSv3
CVE-2019-15889
The download-manager plugin prior to 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
Wpdownloadmanager Wordpress Download Manager
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »