
19 matches found

RedhatCVE
added 2026/04/13 7:24 p.m., 3 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

CVSS 4.3, AI score 5.8, EPSS 0.00373
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/10 1:24 a.m., 2 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

CVSS 4.3, AI score 5.9, EPSS 0.00373
Exploits: 0, References: 8
CVE
added 2026/04/10 1:24 a.m., 15 views

CVE-2026-4057

CVE-2026-4057 is reserved; connected document reveals a concrete vulnerability in WordPress Plugin Download Manager (versions

CVSS 4.3, AI score 5.9, EPSS 0.00373
Exploits: 0, References: 7
Vulnrichment
added 2026/04/10 1:24 a.m., 1 view

CVE-2026-4057 Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

CVSS 4.3, AI score 5.8, EPSS 0.00373
Exploits: 0, References: 7
Malwarebytes
added 2026/01/28 12:57 p.m., 13 views

WhatsApp rolls out new protections against advanced exploits and spyware

WhatsApp is quietly rolling out a new safety layer for photos, videos, and documents, and it lives entirely under the hood. It won't change how you chat, but it will change what happens to the files that move through your chats—especially the kind that can hide malware. The new feature, called...

AI score 5.9
Exploits: 0
RedhatCVE
added 2025/12/19 7:32 a.m., 6 views

CVE-2025-13498

The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...

CVSS 4.3, AI score 5.3, EPSS 0.00352
Exploits: 0, References: 1
EUVD
added 2025/12/18 7:20 a.m., 5 views

EUVD-2025-204248

The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...

CVSS 4.3, AI score 4.9, EPSS 0.00352
Exploits: 0, References: 6
Positive Technologies
added 2025/12/18 12:0 a.m., 6 views

PT-2025-51998

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions prior to 3.3.33. Description: The Download Manager plugin for WordPress is susceptible to unauthorized access of sensitive information. This is caused by missing authorization and capability checks ...

CVSS 4.3, AI score 6.1, EPSS 0.00352
Exploits: 0, References: 7
Malwarebytes
added 2025/10/13 7:19 a.m., 5 views

A week in security (October 6 – October 12)

Last week on Malwarebytes Labs: Apple voices concerns over age-check law that could put user privacy at risk Your passwords don’t need so many fiddly characters, NIST says Millions of very private chats exposed by two AI companion apps Fake VPN and streaming app drops malware that drains your ban...

AI score 6.7
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-12398

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.5, EPSS 0.00246
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-25858

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.6, EPSS 0.00174
Exploits: 0, References: 1
OSV
added 2025/03/04 8:15 a.m., 2 views

CVE-2024-58045

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 4.7, AI score 5.8
Exploits: 0, References: 1
Malwarebytes
added 2023/12/11 8:6 a.m., 15 views

A week in security (December 4 – December 10)

Last week on Malwarebytes Labs: Meta’s Purple Llama wants to test safety risks in AI models US government is snooping on people via phone push notifications, says senator Android phones can be taken over remotely – update when you can How IT teams can conduct a vulnerability assessment for...

AI score 7.4
Exploits: 0
CVE
added 2023/10/22 12:0 a.m., 63 views

CVE-2021-46897

CVE-2021-46897 affects Wagtail CRX CodeRed Extensions (formerly CodeRed CMS/coderedcms) prior to 0.22.3. The vulnerability is a path traversal flaw in views.py that allows upward traversal (..%2f..%2f) when serving protected media, as documented across multiple sources (GitHub issues/PRs and vend...

CVSS 6.5, AI score 6.4, EPSS 0.0071
Exploits: 1, References: 3, Affected Software: 1
CISA
added 2021/12/09 12:0 a.m., 14 views

CISA Releases Guidance on Protecting Organization-Run Social Media Accounts

CISA has released Capacity Enhancement Guide CEG: Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts—including accounts used by federal agencies—could spre...

AI score 6.8
Exploits: 0, References: 2
NVD
added 2020/10/07 7:15 p.m., 22 views

CVE-2020-7316

Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered...

CVSS 7.8, EPSS 0.00385
Exploits: 0, References: 1
OSV
added 2020/10/07 7:15 p.m., 6 views

CVE-2020-7316

Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered...

CVSS 7.8, AI score 7.4, EPSS 0.00385
Exploits: 0, References: 1
Prion
added 2020/10/07 7:15 p.m., 19 views

Design/Logic Flaw

Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered...

CVSS 4.6, AI score 7.6, EPSS 0.00385
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2014/10/29 2:55 p.m., 14 views

Hardcoded credentials

The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media, or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...

CVSS 2.1, AI score 6.3, EPSS 0.00199
Exploits: 0, References: 1, Affected Software: 2