Lucene search
+L

91 matches found

osv
osv
added 2022/03/07 9:15 a.m.2 views

CVE-2021-25087

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords fixed in 3.2.24 and files Master Keys fixed ...

7.5CVSS5.8AI score0.01493EPSS
Exploits2References1
osv
osv
added 2022/02/21 11:15 a.m.5 views

CVE-2021-25069

The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the packageids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue...

8.8CVSS7.3AI score
Exploits0References2
nvd
nvd
added 2021/12/27 11:15 a.m.25 views

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...

5.4CVSS0.006EPSS
Exploits2References1
cnnvd
cnnvd
added 2021/11/01 12:0 a.m.9 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Download Manager Plugin in versions prior to 3.2.16 has a cross-site scripting vulnerability that stems from a...

4.8CVSS5.7AI score0.02774EPSS
Exploits2References1
nvd
nvd
added 2019/09/03 6:15 p.m.26 views

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

6.1CVSS6.1AI score0.12531EPSS
Exploits6References7
cve
cve
added 2018/01/16 9:0 a.m.56 views

CVE-2017-18032

The CVE refers to the WordPress Download Manager plugin. Affected component: download-manager plugin for WordPress, vulnerable before version 2.9.52. Root cause: XSS via the id parameter in the wpdm_generate_password action targeting wp-admin/admin-ajax.php. Impact: cross-site scripting could all...

6.1CVSS5.9AI score0.00924EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2017/08/08 12:0 a.m.38 views

WordPress download manager plugin elevation of privilege vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WordPress Download Manager is one of the file download management plugin. A security vulnerability exists in the...

8.8CVSS8.4AI score0.11059EPSS
Exploits5References1
cve
cve
added 2017/08/07 5:0 p.m.52 views

CVE-2014-9260

The CVE-2014-9260 entry concerns the WordPress Download Manager plugin. The vulnerability is in the basic_settings function of the plugin before version 2.7.3, which allows remote authenticated users to update every WordPress option. This privilege escalation enables an attacker with existing WP ...

8.8CVSS8.2AI score0.11059EPSS
Exploits5References1Affected Software1
cnvd
cnvd
added 2017/03/02 12:0 a.m.3 views

Wordpress Download Manager plugin cross-site request forgery vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the Wordpress Download Manager plugin. An attacker can exploit the...

6.8AI score
Exploits0References1
patchstack
patchstack
added 2014/11/04 12:0 a.m.18 views

WordPress Download Manager Plugin - Arbitrary File Download

Because of this vulnerability, the attackers can read arbitrary files in the "fname" parameter to views/filedownload.php or filedownload.php. Solution Update the plugin...

5CVSS4.9AI score0.0285EPSS
Exploits1References1Affected Software1
cve
cve
added 2014/02/06 3:0 p.m.47 views

CVE-2013-7319

CVE-2013-7319 concerns the WordPress Download Manager plugin prior to version 2.5.9. The vulnerability is a cross-site scripting (XSS) flaw in the title field, where user-supplied input can be injected as script/HTML and executed in the context of the affected site. The issue arises from insuffic...

4.3CVSS6AI score0.04576EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder