Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download plugin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-25059
The Download Plugin WordPress plugin prior to 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
Metagauss Download Plugin
NA
CVE-2022-36345
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.
Metagauss Download Plugin
312
VMScore
CVE-2021-24703
The Download Plugin WordPress plugin prior to 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
Metagauss Download Plugin
NA
CVE-2023-4838
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and ...
Plugin-planet Simple Download Counter
668
VMScore
CVE-2008-2034
SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained s...
Wordpress Download Monitor Plugin 2.0.6
435
VMScore
CVE-2013-7319
Cross-site scripting (XSS) vulnerability in the Download Manager plugin prior to 2.5.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the title field.
Wpdownloadmanager Wordpress Download Manager 2.5.2
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.5.6
Wpdownloadmanager Wordpress Download Manager 2.5.7
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.5
Wpdownloadmanager Wordpress Download Manager 2.5.0
Wpdownloadmanager Wordpress Download Manager 2.5.1
Wpdownloadmanager Wordpress Download Manager
1 EDB exploit
505
VMScore
CVE-2014-5465
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and previous versions for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Werdswords Download Shortcode 0.2
Werdswords Download Shortcode 0.1
Werdswords Download Shortcode
Werdswords Download Shortcode 0.2.2
1 EDB exploit
755
VMScore
CVE-2008-1646
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the dl_id parameter.
Arnos Toolbox Wp-download 1.2
Wordpress Wp Download 1.2
1 EDB exploit
1000
VMScore
CVE-2014-8877
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin prior to 2.0.4 for WordPress allows remote malicious users to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by t...
Creative Minds Cm Download Manager
Creative Minds Cm Download Manager 2.0.2
Creative Minds Cm Download Manager 2.0.1
Creative Minds Cm Download Manager 2.0.0
1 EDB exploit
2 Nmap scripts
1 Github repository
445
VMScore
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
Wpdownloadmanager Wordpress Download Manager 2.6.91
Wpdownloadmanager Wordpress Download Manager 2.6.9
Wpdownloadmanager Wordpress Download Manager 2.6.2
Wpdownloadmanager Wordpress Download Manager 2.6.1
Wpdownloadmanager Wordpress Download Manager 2.5.93
Wpdownloadmanager Wordpress Download Manager 2.5.92
Wpdownloadmanager Wordpress Download Manager 2.5.4
Wpdownloadmanager Wordpress Download Manager 2.5.3
Wpdownloadmanager Wordpress Download Manager 2.4.6
Wpdownloadmanager Wordpress Download Manager 2.4.5
Wpdownloadmanager Wordpress Download Manager 2.3.7
Wpdownloadmanager Wordpress Download Manager 2.3.6
Wpdownloadmanager Wordpress Download Manager 2.2.9
Wpdownloadmanager Wordpress Download Manager 2.2.8
Wpdownloadmanager Wordpress Download Manager 2.2.1
Wpdownloadmanager Wordpress Download Manager 2.2.0
Wpdownloadmanager Wordpress Download Manager 2.1.3
Wpdownloadmanager Wordpress Download Manager 2.0.16
Wpdownloadmanager Wordpress Download Manager 2.0.15
Wpdownloadmanager Wordpress Download Manager 2.0.8
Wpdownloadmanager Wordpress Download Manager 2.0.7
Wpdownloadmanager Wordpress Download Manager 1.5.33
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »