583 matches found
PT-2022-16599 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including 3.2.50 Description: The issue arises from insufficient file type and path validation on the deleteFiles function found in the /Admin/Menu/Packages.php file. This function is...
CVE-2022-34658
Multiple Authenticated contributor+ Persistent Cross-Site Scripting XSS vulnerabilities in W3 Eden Download Manager plugin = 3.2.48 at WordPress...
CVE-2022-34658
CVE-2022-34658 concerns the WordPress Download Manager plugin (versions ≤ 3.2.48). The vulnerability is a Stored Cross-Site Scripting (XSS) issue that can be triggered by users with at least a Contributor role (i.e., authenticated users). The root cause is inadequate sanitization/escaping of inpu...
WordPress plugin Download Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-34857
CVE-2022-34857 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin SP Project & Document Manager (smartypants) version
WordPress plugin Download Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Download Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Download Manager plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-2168
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...
WordPress Event Manager plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Event Manager plugin prior to...
CVE-2022-34810
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...
CVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...
CVE-2017-20095
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely...
Cross site request forgery (csrf)
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...
CVE-2017-20095 Simple Ads Manager Plugin code injection
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely...
CVE-2017-20095
CVE-2017-20095 affects the WordPress plugin Simple Ads Manager . The connected sources describe a remote, network-exploitable vulnerability that leads to code injection due to manipulation of unknown code. Public documentation labels it as critical/high impact (e.g., NVD CVSS v3.1 base score 9.8,...
CVE-2017-20093
CVE-2017-20093 affects WordPress Plugin Download Manager (version 2.8.99). Multiple sources describe a cross-site request forgery vulnerability in an unspecified/unknown function, with remote exploitation possible. No concrete patch/version remediation is stated in the provided documents; further...
CVE-2017-20093 Download Manager Plugin cross-site request forgery
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...
CVE-2017-20093 Download Manager Plugin cross-site request forgery
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely...