15 matches found
CVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...
EUVD-2008-1647
Malware in sbrugna...
EUVD-2025-3501
Malicious code in bioql PyPI...
EUVD-2025-28465
Malicious code in bioql PyPI...
CVE-2025-23882
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through <= 2.5.4...
CVE-2025-23882
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through <= 2.5.4...
CVE-2025-23882 WordPress WP Download Codes Plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through <= 2.5.4...
CVE-2025-23882
CVE-2025-23882 is a Reflected XSS in the NotFound WP Download Codes plugin. The vulnerability affects WP Download Codes versions from n/a through 2.5.4 and is characterized as an Improper Neutralization of Input During Web Page Generation. The CVSS v3.1 base score is 7.1 (HIGH), with network at...
WP-DownloadManager 1.60 - Script Insertion CSRF
The wp-download-manager WordPress plugin was affected by a Script Insertion CSRF security vulnerability...
Download - (dl_id) SQL Injection
The wp-download WordPress plugin was affected by a dlid SQL Injection security vulnerability...
CVE-2011-1669
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F encoded dot dot sequences in the url parameter...
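WordPress wp-download plugin dl_id parameter SQL injection vulnerability
BUGTRAQ ID: 28516 WordPress is a free forum and blog system. The WP-Download plugin for WordPress has an input validation flaw in its implementation, which a remote attacker could exploit to obtain sensitive login-related information. The wp-download.php file in the WP-Download plugin does not properly validate input to the dlid parameter, allowing a remote attacker to carry out a SQL injection attack by submitting a malicious query request. Successful exploitation could lead to the retrieval of usernames and password hashes, but the attacker must know the database table prefix. WordPress wp-download 1.2 WordPress ---------...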
Sql injection
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dlid parameter...
CVE-2008-1646
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dlid parameter...
CVE-2008-1646
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dlid parameter...