Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download manager vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call ...
Wpdownloadmanager Wordpress Download Manager
7.2
CVSSv3
CVE-2022-3076
The CM Download Manager WordPress plugin prior to 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
Cminds Cm Download Manager
NA
CVE-2010-0995
Stack-based buffer overflow in Internet Download Manager (IDM) prior to 5.19 allows remote malicious users to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server.
Tonec Internet Download Manager
8.8
CVSSv3
CVE-2022-34347
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
6.1
CVSSv3
CVE-2017-18032
The download-manager plugin prior to 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2007-6339
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) prior to 2.2.3.5 allows remote malicious users to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
Akamai Technologies Download Manager
6.1
CVSSv3
CVE-2017-2216
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
6.1
CVSSv3
CVE-2017-2217
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
5.4
CVSSv3
CVE-2022-4476
The Download Manager WordPress plugin prior to 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-...
Wpdownloadmanager Wordpress Download Manager
7.5
CVSSv3
CVE-2023-6421
The Download Manager WordPress plugin prior to 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
Wpdownloadmanager Wordpress Download Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »