Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download manager vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-3076
The CM Download Manager WordPress plugin prior to 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
Cminds Cm Download Manager
NA
CVE-2010-0995
Stack-based buffer overflow in Internet Download Manager (IDM) prior to 5.19 allows remote malicious users to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server.
Tonec Internet Download Manager
7.8
CVSSv3
CVE-2016-6592
A vulnerability was found in Symantec Norton Download Manager versions before 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead...
Symantec Norton Download Manager
6.1
CVSSv3
CVE-2017-2217
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Wpdownloadmanager Wordpress Download Manager
5.4
CVSSv3
CVE-2022-34658
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call ...
Wpdownloadmanager Wordpress Download Manager
4.8
CVSSv3
CVE-2021-24773
The WordPress Download Manager WordPress plugin prior to 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed
Wpdownloadmanager Wordpress Download Manager
8.8
CVSSv3
CVE-2022-36288
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Wpdownloadmanager Wordpress Download Manager
9.8
CVSSv3
CVE-2017-17849
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and previous versions could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
Getgosoft Getgo Download Manager
2 EDB exploits
6.1
CVSSv3
CVE-2017-18032
The download-manager plugin prior to 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
Wpdownloadmanager Wordpress Download Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »