10 matches found
EUVD-2024-46503
Malicious code in bioql PyPI...
CVE-2024-5266
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...
CVE-2024-5266
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...
WordPress plugin Download Manager Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...
PT-2024-35406 · WordPress · Download Manager Pro
Name of the Vulnerable Software and Affected Versions: Download Manager Pro plugin for WordPress versions up to, and including, 3.2.92 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in certain shortcodes, including wpdm user...
CVE-2023-6954
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-6954
CVE-2023-6954 affects the WordPress Download Manager Pro plugin up to version 3.2.85. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in the plugin’s shortcode attributes, enabling authenticated attackers with contributor...
WordPress Plugin Download Manager Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...
CVE-2023-1809 Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files...
Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure
The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. PoC - Create a password protected package containing one or more files. - Navigate to the download page of the package e.g. /download/package1 -...