Vulmon
download plugin vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-36920
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
Wpchill Download Monitor
6.1
CVSSv3
CVE-2022-45836
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.
Wpdownloadmanager Download Manager
4.8
CVSSv3
CVE-2021-23174
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0].
Wpchill Download Monitor
7.5
CVSSv3
CVE-2023-1809
The Download Manager WordPress plugin prior to 6.3.0 leaks master key information without the need for a password, allowing malicious users to download arbitrary password-protected package files.
Wpdownloadmanager Download Manager
6.1
CVSSv3
CVE-2022-2168
The Download Manager WordPress plugin prior to 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting
Wpdownloadmanager Download Manager
4.9
CVSSv3
CVE-2022-2926
The Download Manager WordPress plugin prior to 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
Adobe Download Manager
8.8
CVSSv3
CVE-2021-25069
The Download Manager WordPress plugin prior to 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
Wpdownloadmanager Download Manager
6.1
CVSSv3
CVE-2022-0953
The Anti-Malware Security and Brute-Force Firewall WordPress plugin prior to 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Download Anti-malware Security And Brute-force Firewall Project Download Anti-malware Security And Brute-force Firewall
4.9
CVSSv3
CVE-2022-2981
The Download Monitor WordPress plugin prior to 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite ...
Wpchill Download Monitor
4.9
CVSSv3
CVE-2022-2222
The Download Monitor WordPress plugin prior to 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite ...
Wpchill Download Monitor