2 matches found
CVE-2025-13498 Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...
PT-2025-51998
Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions prior to 3.3.33 Description The Download Manager plugin for WordPress is susceptible to unauthorized access of sensitive information. This is caused by missing authorization and capability checks ...