Vulmon
download plugin vulnerabilities and exploits
5
CVSSv2
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
Download Zip Attachments Project Download Zip Attachments 1.0
9.3
CVSSv2
CVE-2009-4850
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote malicious users to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
Awingsoft Awakening Winds3d Viewer Plugin 3.5.0.9
1 EDB exploit
NA
CVE-2023-25787
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions.
Wp Resource Download Management Project Wp Resource Download Management
NA
CVE-2022-1585
The Project Source Code Download WordPress plugin up to and including 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
Project-source-code-download Project Project-source-code-download 1.0.0
4.3
CVSSv2
CVE-2017-20097
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.
Wp-filebase Download Manager Project Wp-filebase Download Manager 3.4.4
5
CVSSv2
CVE-2014-5187
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote malicious users to read arbitrary files via the file parameter to tom-download-file.php.
Tom M8te Plugin Project Tom-m8te Plugin 1.5.3
6.5
CVSSv2
CVE-2021-24786
The Download Monitor WordPress plugin prior to 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue.
Wpchill Download Monitor
6.8
CVSSv2
CVE-2021-31567
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_u...
Wpchill Download Monitor
NA
CVE-2022-38062
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.
Metagauss Download Theme
4.3
CVSSv2
CVE-2015-9296
The download-monitor plugin prior to 1.7.1 for WordPress has XSS related to add_query_arg.
Never5 Download Monitor