2 matches found
WordPress Download Manager plugin <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key vulnerability
Unauthenticated Cron Trigger due to Hardcoded Cron Key vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Download Manager versions = 3.3.30...
CVE-2025-12177
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...