91 matches found
CVE-2025-60092 WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through = 3.3.25...
WordPress WP-DownloadManager plugin <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated Admin+ Arbitrary File Upload vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.68.11...
CVE-2025-10146
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘userids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
WordPress Download Manager plugin <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability
Reflected Cross-Site Scripting via userids Parameter vulnerability discovered by vgo0 in WordPress Plugin Download Manager versions = 3.3.23...
VulnCheck KEV: CVE-2024-11740
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
WordPress Download Manager plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Download Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
CVE-2025-4367 Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmuserdashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Download Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Download Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
PT-2025-26204 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.18 Description: The issue is related to Stored Cross-Site Scripting in the Download Manager plugin for WordPress. This is due to insufficient input sanitization and outp...
CVE-2022-2926
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory...
CVE-2021-25087
The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords fixed in 3.2.24 and files Master Keys fixed ...
CVE-2019-15889
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...
CVE-2024-8284
CVE-2024-8284 affects the WordPress plugin Download Manager (versions before 3.2.99). The issue stems from insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., editors) even when unfiltered_html is disallowed. Red Hat’s advisory aligns with th...
PT-2025-17370 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.12 Description: The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function...
PT-2025-17287 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.3.12 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
CVE-2024-13126
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files...
CVE-2025-1785
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdmnewfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originall...
CVE-2022-45836
Unauth. Reflected Cross-Site Scripting XSS vulnerability in W3 Eden, Inc. Download Manager plugin = 3.2.59 versions...
CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...