Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download plugin vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-24694
The Simple Download Monitor WordPress plugin prior to 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "place...
Tipsandtricks-hq Simple Download Monitor
6.8
CVSSv2
CVE-2021-24696
The Simple Download Monitor WordPress plugin prior to 3.9.9 does not enforce nonce checks, which could allow malicious users to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9),...
Tipsandtricks-hq Simple Download Monitor
NA
CVE-2023-5105
The Frontend File Manager Plugin WordPress plugin prior to 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
Najeebmedia Frontend File Manager Plugin
NA
CVE-2021-4356
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. Th...
Najeebmedia Frontend File Manager Plugin
7.5
CVSSv2
CVE-2015-7517
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin prior to 2.0.9 for WordPress allow remote malicious users to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes...
Labwebdesigns Double Opt-in For Download
NA
CVE-2023-22713
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.
Wpdownloadmanager Gutenberg Blocks For Wordpress Download Manager
4.3
CVSSv2
CVE-2019-17239
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin up to and including 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
Wpfactory Download Plugins And Themes From Dashboard
NA
CVE-2012-10016
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to...
Halulu Simple-download-button-shortcode 1.0
NA
CVE-2022-4794
The AAWP WordPress plugin prior to 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
Getaawp Amazon Affiliate Wordpress Plugin
NA
CVE-2023-24004
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.
Wpdevart Download Image And Video Lightbox\\, Image Popup
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »