23 matches found
EUVD-2025-9118
Malicious code in bioql PyPI...
EUVD-2022-34657
Malicious code in bioql PyPI...
CVE-2025-7387
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Lana Downloads Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
PT-2025-28976 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager versions prior to 1.10.0 Description: The Lana Downloads Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping on user-supplied attributes...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
CVE-2025-2048 affects the Lana Downloads Manager WordPress plugin prior to 1.10.0. The issue is that input used to build a path is not validated, enabling admins to perform path traversal and download arbitrary server files. Public references confirm the vulnerability is tied to path traversal in...
CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
PT-2025-14082 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager WordPress plugin versions prior to 1.10.0 Description: The issue concerns the Lana Downloads Manager WordPress plugin, which does not validate user input used in a path. This could allow users with an admin role to...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2022-2392
The CVE-2022-2392 affects the Lana Downloads Manager WordPress plugin up to version 1.8.0. The vulnerability is an authenticated/Contributor+ arbitrary file download, reported to be triggered by supplying a file path via the plugin’s UI and results in a direct download of the chosen file (e.g., w...
WordPress plugin Lana Downloads Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...