Vulmon
download plugin vulnerabilities and exploits
935
VMScore
CVE-2009-2386
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote malicious users to force the download and execution of arbitrary files via the GetURL method.
Awingsoft Awakening Winds3d Viewer Plugin 3.5.0.0
Awingsoft Awakening Winds3d Viewer Plugin 3.0.0.5
1 EDB exploit
655
VMScore
CVE-2014-9260
The basic_settings function in the download manager plugin for WordPress prior to 2.7.3 allows remote authenticated users to update every WordPress option.
Downloadmanager Download Manager
1 EDB exploit
445
VMScore
CVE-2016-10924
The ebook-download plugin prior to 1.2 for WordPress has directory traversal.
Zedna Ebook Download Project Zedna Ebook Download
1 Github repository
435
VMScore
CVE-2012-4768
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin prior to 3.3.5.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
Mikejolley Download Monitor 3.3.5.7
1 EDB exploit
435
VMScore
CVE-2019-15889
The download-manager plugin prior to 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
Wpdownloadmanager Wordpress Download Manager
1 EDB exploit
356
VMScore
CVE-2022-1570
The Files Download Delay WordPress plugin prior to 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated user, such as a subscriber, to perform such an action.
Files Download Delay Project Files Download Delay
312
VMScore
CVE-2021-24699
The Easy Media Download WordPress plugin prior to 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Easy Media Download Project Easy Media Download
NA
CVE-2022-4825
The WP-ShowHide WordPress plugin prior to 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
Download Wp-showhide Project Download Wp-showhide
312
VMScore
CVE-2018-5213
The Simple Download Monitor plugin prior to 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
Simple Download Monitor Project Simple Download Monitor 3.5.4
312
VMScore
CVE-2018-5212
The Simple Download Monitor plugin prior to 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
Simple Download Monitor Project Simple Download Monitor 3.5.4