The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack
Vendor | Product | Version | CPE |
---|---|---|---|
cminds | cm_download_manager | * | cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:*:*:* |