Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download manager vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-9129
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin prior to 2.0.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_t...
Cminds Cm Download Manager
4.3
CVSSv2
CVE-2020-27344
The cm-download-manager plugin prior to 2.8.0 for WordPress allows XSS.
Cminds Cm Download Manager
4.3
CVSSv2
CVE-2017-2216
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
5.8
CVSSv2
CVE-2017-2217
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
6.8
CVSSv2
CVE-2007-6339
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) prior to 2.2.3.5 allows remote malicious users to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
Akamai Technologies Download Manager
NA
CVE-2022-34347
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
3.5
CVSSv2
CVE-2021-24969
The WordPress Download Manager WordPress plugin prior to 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any aut...
Wpdownloadmanager Wordpress Download Manager
10
CVSSv2
CVE-2017-17849
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and previous versions could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
Getgosoft Getgo Download Manager
2 EDB exploits
NA
CVE-2022-4476
The Download Manager WordPress plugin prior to 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-...
Wpdownloadmanager Wordpress Download Manager
3.5
CVSSv2
CVE-2021-24773
The WordPress Download Manager WordPress plugin prior to 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed
Wpdownloadmanager Wordpress Download Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »