Lucene search
+L

91 matches found

Vulnrichment
Vulnrichment
added 2025/09/26 8:31 a.m.1 views

CVE-2025-60092 WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through = 3.3.25...

5.3CVSS5.2AI score0.00285EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/25 11:54 p.m.13 views

WordPress WP-DownloadManager plugin <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.68.11...

7.2CVSS6.8AI score0.0062EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/19 5:15 a.m.6 views

CVE-2025-10146

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘userids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00205EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/18 9:39 p.m.7 views

WordPress Download Manager plugin <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability

Reflected Cross-Site Scripting via userids Parameter vulnerability discovered by vgo0 in WordPress Plugin Download Manager versions = 3.3.23...

6.1CVSS6.1AI score0.00205EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/09/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-11740

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

7.3CVSS6.2AI score0.01888EPSS
In wildExploits0References2
CNVD
CNVD
added 2025/06/27 12:0 a.m.7 views

WordPress Download Manager plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Download Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

6.4CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/19 3:40 a.m.12 views

CVE-2025-4367 Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmuserdashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00211EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.6 views

WordPress plugin Download Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Download Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

6.4CVSS6AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.12 views

PT-2025-26204 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.18 Description: The issue is related to Stored Cross-Site Scripting in the Download Manager plugin for WordPress. This is due to insufficient input sanitization and outp...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 1:0 a.m.8 views

CVE-2022-2926

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory...

4.9CVSS6.7AI score0.01329EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.13 views

CVE-2021-25087

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords fixed in 3.2.24 and files Master Keys fixed ...

7.5CVSS6.4AI score0.01493EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:27 a.m.6 views

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

6.1CVSS5.9AI score0.12531EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:56 a.m.9 views

CVE-2017-20093

A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...

4.3CVSS6.8AI score0.00446EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.27 views

CVE-2024-8284

CVE-2024-8284 affects the WordPress plugin Download Manager (versions before 3.2.99). The issue stems from insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., editors) even when unfiltered_html is disallowed. Red Hat’s advisory aligns with th...

4.8CVSS6AI score0.0032EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.6 views

PT-2025-17370 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.12 Description: The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function...

8.8CVSS9.2AI score0.00962EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.14 views

PT-2025-17287 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.12 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

5.4CVSS5.7AI score0.00319EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/03/18 6:25 a.m.9 views

CVE-2024-13126

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files...

4.6CVSS6.8AI score0.00449EPSS
Exploits1References1
NVD
NVD
added 2025/03/13 8:15 a.m.11 views

CVE-2025-1785

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdmnewfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originall...

8.1CVSS0.0063EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 10:25 p.m.16 views

CVE-2022-45836

Unauth. Reflected Cross-Site Scripting XSS vulnerability in W3 Eden, Inc. Download Manager plugin = 3.2.59 versions...

7.1CVSS5.8AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:27 p.m.9 views

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

8.8CVSS6.6AI score0.01408EPSS
Exploits0References1
Rows per page
Query Builder