Download Master Security Vulnerabilities

CVE-2024-31162

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2 CVSS

7.5 AI Score

0.001 EPSS

2024-06-14 07:15 AM
26

CVE-2024-31163

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2 CVSS

7.6 AI Score

0.0005 EPSS

2024-06-14 07:15 AM
25

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2 CVSS

7.3 AI Score

0.001 EPSS

2024-06-14 04:15 AM
22

CVE-2024-31160

A parameter used on a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Stored Cross-site scripting...

4.8 CVSS

5.1 AI Score

0.0004 EPSS

2024-06-14 04:15 AM
20

CVE-2024-31159

A parameter used on a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Reflected Cross-site scripting...

4.8 CVSS

5.2 AI Score

0.0004 EPSS

2024-06-14 04:15 AM
21

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file....

6.5 CVSS

6.7 AI Score

0.001 EPSS

2023-05-30 08:15 AM
53

CVE-2023-1809

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-05-02 08:15 AM
50

CVE-2022-0828

The Download Manager WordPress plugin before 3.2.34 uses the PHP uniqid function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources, giving direct download access regardless of role-based restrictions or password protections set for the.....

7.5 CVSS

7.6 AI Score

0.002 EPSS

2022-04-11 03:15 PM
68

CVE-2021-25087

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2022-03-07 09:15 AM
74

CVE-2021-31567

Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data.....

6.8 CVSS

6.6 AI Score

0.001 EPSS

2022-01-28 08:15 PM
36

CVE-2018-5212

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-01-04 06:29 PM
20

CVE-2018-5213

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-01-04 06:29 PM
22