4 matches found

CVE
added 2026/04/07 11:25 p.m. · 5 views

CVE-2026-4401

CVE-2026-4401 affects the WordPress plugin Download Monitor up to version 5.1.10. The vulnerability is a CSRF in the actions_handler() and bulk_actions_handler() in class-dlm-downloads-path.php caused by missing nonce verification. This allows unauthenticated attackers to delete, disable, or enab...

CVSS 5.4 · AI score 5.8 · EPSS 0.00008
Exploits: 0 · References: 6
Patchstack
added 2026/04/07 10:48 p.m. · 3 views

WordPress Download Monitor plugin <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability

Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability discovered by Kirasec in WordPress Plugin Download Monitor versions <= 5.1.10...

CVSS 5.4 · AI score 5.9 · EPSS 0.00008
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/03/04 12:0 a.m. · 2 views

PT-2024-20792 · Idurar · Idurar

Name of the Vulnerable Software and Affected Versions: iDURAR version 2.0.0 Description: A Path Traversal vulnerability exists, allowing unauthenticated attackers to expose sensitive files via the download functionality. The issue can be exploited using backslashes. For example, an attacker can u...

CVSS 7.5 · AI score 7.2 · EPSS 0.00405
Exploits: 1 · References: 7
Positive Technologies
added 2023/07/31 12:0 a.m. · 3 views

PT-2023-4159 · Webmin +1 · Webmin +1

Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: An issue was discovered in the download functionality, allowing an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacke...

CVSS 6.4 · AI score 5.8 · EPSS 0.00358
Exploits: 1 · References: 10