7 matches found
EUVD-2013-2636
Malware in sbrugna...
CVE-2025-4799 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above,...
CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute...
CVE-2013-2697
Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2022-25606 WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &downloadpath, &downloadpathurl, &downloadpageurl, &downloadcategories...
CVE-2020-24141
CVE-2020-24141 is a server-side request forgery (SSRF) vulnerability in the WordPress WP-DownloadManager plugin, reported for version 1.68.4. The issue arises from the file_remote parameter in download-add.php, enabling an attacker to issue crafted requests from the vulnerable site’s back-end ser...
CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute...