Download Manager Security Vulnerabilities and Issues — Download Manager CVE List

Lucene search

W3edenDownload Manager

4 matches found

CVE•added 2024/12/19 6:15 a.m.•67 views

CVE-2024-11740

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for ...

7.3CVSS7.3AI score0.02881EPSS

CVE•added 2024/12/19 6:15 a.m.•45 views

CVE-2024-11768

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download passwor...

5.3CVSS5.3AI score0.00049EPSS

CVE•added 2024/12/31 11:15 a.m.•43 views

CVE-2024-56217

Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.

6.3CVSS4.7AI score0.00054EPSS

CVE•added 2024/12/20 6:15 a.m.•41 views

CVE-2024-10706

The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.4AI score0.00034EPSS