Lucene search
+L

23 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-9118

Malicious code in bioql PyPI...

4.1CVSS6.2AI score0.00486EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.14 views

EUVD-2022-34657

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/07/12 5:24 a.m.12 views

CVE-2025-7387

The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS6AI score0.00255EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/07/10 5:24 a.m.5 views

CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS5.5AI score0.00255EPSS
Exploits0References3
cvelist
cvelist
added 2025/07/10 5:24 a.m.11 views

CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS0.00255EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/07/10 12:0 a.m.5 views

WordPress plugin Lana Downloads Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/07/10 12:0 a.m.8 views

PT-2025-28976 · WordPress · Lana Downloads Manager

Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager versions prior to 1.10.0 Description: The Lana Downloads Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping on user-supplied attributes...

5.5CVSS5.7AI score0.00255EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/05/22 11:0 p.m.6 views

CVE-2022-2392

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...

6.5CVSS6.9AI score0.00911EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/04/03 11:6 a.m.9 views

CVE-2025-2048

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

4.1CVSS7.2AI score0.00486EPSS
Exploits1References1
nvd
nvd
added 2025/04/01 6:15 a.m.5 views

CVE-2025-2048

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

4.1CVSS0.00486EPSS
Exploits1References1
osv
osv
added 2025/04/01 6:15 a.m.7 views

CVE-2025-2048

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

4.1CVSS7.4AI score0.00486EPSS
Exploits1References1
cve
cve
added 2025/04/01 6:0 a.m.50 views

CVE-2025-2048

CVE-2025-2048 affects the Lana Downloads Manager WordPress plugin prior to 1.10.0. The issue is that input used to build a path is not validated, enabling admins to perform path traversal and download arbitrary server files. Public references confirm the vulnerability is tied to path traversal in...

4.1CVSS6.6AI score0.00486EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/04/01 6:0 a.m.6 views

CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

7.1AI score0.00486EPSS
Exploits1References1
cvelist
cvelist
added 2025/04/01 6:0 a.m.16 views

CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...

0.00486EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/04/01 12:0 a.m.5 views

PT-2025-14082 · WordPress · Lana Downloads Manager

Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager WordPress plugin versions prior to 1.10.0 Description: The issue concerns the Lana Downloads Manager WordPress plugin, which does not validate user input used in a path. This could allow users with an admin role to...

4.1CVSS5.6AI score0.00486EPSS
Exploits1References6
attackerkb
attackerkb
added 2022/08/22 3:15 p.m.3 views

CVE-2022-2392

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...

6.5CVSS6AI score0.00911EPSS
Exploits2References2
nvd
nvd
added 2022/08/22 3:15 p.m.31 views

CVE-2022-2392

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...

6.5CVSS0.00911EPSS
Exploits2References1
osv
osv
added 2022/08/22 3:15 p.m.7 views

CVE-2022-2392

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...

6.5CVSS5.8AI score0.00911EPSS
Exploits2References1
cve
cve
added 2022/08/22 3:3 p.m.42 views

CVE-2022-2392

The CVE-2022-2392 affects the Lana Downloads Manager WordPress plugin up to version 1.8.0. The vulnerability is an authenticated/Contributor+ arbitrary file download, reported to be triggered by supplying a file path via the plugin’s UI and results in a direct download of the chosen file (e.g., w...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References1Affected Software1
cnnvd
cnnvd
added 2022/08/22 12:0 a.m.5 views

WordPress plugin Lana Downloads Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References2
Rows per page
Query Builder