Cm Download Manager@* Security Vulnerabilities and Issues — Cm Download Manager@* CVE List

Lucene search

CmindsCm Download Manager*

6 matches found

CVE•added 2024/03/25 5:15 a.m.•81 views

CVE-2024-1962

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack

8.8CVSS8.5AI score0.00627EPSS

CVE•added 2024/03/25 5:15 a.m.•72 views

CVE-2024-1231

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack

6.8CVSS9.1AI score0.00063EPSS

CVE•added 2024/03/25 5:15 a.m.•70 views

CVE-2024-1232

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack

4.8CVSS5.2AI score0.00134EPSS

CVE•added 2022/09/26 1:15 p.m.•53 views

CVE-2022-3076

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

7.2CVSS6.9AI score0.00366EPSS

CVE•added 2020/10/21 8:15 p.m.•39 views

CVE-2020-27344

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.

6.1CVSS6.3AI score0.0019EPSS

CVE•added 2014/12/05 3:59 p.m.•37 views

CVE-2014-9129

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_...

6.8CVSS6.5AI score0.00262EPSS