Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download plugin vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
Download Zip Attachments Project Download Zip Attachments 1.0
NA
CVE-2023-25787
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions.
Wp Resource Download Management Project Wp Resource Download Management
935
VMScore
CVE-2009-4850
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote malicious users to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
Awingsoft Awakening Winds3d Viewer Plugin 3.5.0.9
1 EDB exploit
NA
CVE-2022-1585
The Project Source Code Download WordPress plugin up to and including 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
Project-source-code-download Project Project-source-code-download 1.0.0
383
VMScore
CVE-2017-20097
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.
Wp-filebase Download Manager Project Wp-filebase Download Manager 3.4.4
445
VMScore
CVE-2014-5187
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote malicious users to read arbitrary files via the file parameter to tom-download-file.php.
Tom M8te Plugin Project Tom-m8te Plugin 1.5.3
580
VMScore
CVE-2021-24786
The Download Monitor WordPress plugin prior to 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
Wpchill Download Monitor
605
VMScore
CVE-2021-31567
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_u...
Wpchill Download Monitor
NA
CVE-2022-38062
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.
Metagauss Download Theme
383
VMScore
CVE-2015-9296
The download-monitor plugin prior to 1.7.1 for WordPress has XSS related to add_query_arg.
Never5 Download Monitor
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »