Vulmon
download plugin vulnerabilities and exploits
9.3
CVSSv2
CVE-2009-2386
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote malicious users to force the download and execution of arbitrary files via the GetURL method.
Awingsoft Awakening Winds3d Viewer Plugin 3.5.0.0
Awingsoft Awakening Winds3d Viewer Plugin 3.0.0.5
1 EDB exploit
6.5
CVSSv2
CVE-2014-9260
The basic_settings function in the download manager plugin for WordPress prior to 2.7.3 allows remote authenticated users to update every WordPress option.
Downloadmanager Download Manager
1 EDB exploit
5
CVSSv2
CVE-2016-10924
The ebook-download plugin prior to 1.2 for WordPress has directory traversal.
Zedna Ebook Download Project Zedna Ebook Download
1 Github repository
4.3
CVSSv2
CVE-2012-4768
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin prior to 3.3.5.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
Mikejolley Download Monitor 3.3.5.7
1 EDB exploit
4.3
CVSSv2
CVE-2019-15889
The download-manager plugin prior to 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
Wpdownloadmanager Wordpress Download Manager
1 EDB exploit
4
CVSSv2
CVE-2022-1570
The Files Download Delay WordPress plugin prior to 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated user, such as a subscriber, to perform such an action.
Files Download Delay Project Files Download Delay
3.5
CVSSv2
CVE-2021-24699
The Easy Media Download WordPress plugin prior to 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Easy Media Download Project Easy Media Download
NA
CVE-2022-4825
The WP-ShowHide WordPress plugin prior to 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
Download Wp-showhide Project Download Wp-showhide
3.5
CVSSv2
CVE-2018-5212
The Simple Download Monitor plugin prior to 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
Simple Download Monitor Project Simple Download Monitor 3.5.4
3.5
CVSSv2
CVE-2018-5213
The Simple Download Monitor plugin prior to 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
Simple Download Monitor Project Simple Download Monitor 3.5.4