Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download plugin vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2021-24693
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is...
Tipsandtricks-hq Simple Download Monitor
NA
CVE-2023-2305
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output es...
Wpdownloadmanager Wordpress Download Manager
NA
CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call ...
Wpdownloadmanager Wordpress Download Manager
383
VMScore
CVE-2020-24145
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote malicious users to inject arbitrary web script or HTML via a crafted deletescreenshot action.
Cminds Cm Download Manager 2.7.0
NA
CVE-2023-5105
The Frontend File Manager Plugin WordPress plugin prior to 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
Najeebmedia Frontend File Manager Plugin
356
VMScore
CVE-2021-24692
The Simple Download Monitor WordPress plugin prior to 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Tipsandtricks-hq Simple Download Monitor
356
VMScore
CVE-2021-24698
The Simple Download Monitor WordPress plugin prior to 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
Tipsandtricks-hq Simple Download Monitor
383
VMScore
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
Wpdownloadmanager Wordpress Download Manager 2.8.99
383
VMScore
CVE-2021-24697
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Tipsandtricks-hq Simple Download Monitor
490
VMScore
CVE-2020-24146
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
Cminds Cm Download Manager 2.7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »