Download Manager Security Vulnerabilities and Issues — Download Manager CVE List

Lucene search

W3edenDownload Manager

8 matches found

CVE•added 2022/08/23 4:15 p.m.•63 views

CVE-2022-34658

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin

5.4CVSS5.5AI score0.00111EPSS

CVE•added 2023/01/16 4:15 p.m.•60 views

CVE-2022-4476

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.

5.4CVSS5.4AI score0.00144EPSS

CVE•added 2024/03/13 4:15 p.m.•57 views

CVE-2023-6785

The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).

5.3CVSS5.5AI score0.00288EPSS

CVE•added 2021/12/27 11:15 a.m.•45 views

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such...

5.4CVSS5.2AI score0.00208EPSS

CVE•added 2024/12/19 6:15 a.m.•45 views

CVE-2024-11768

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download passwor...

5.3CVSS5.3AI score0.00055EPSS

CVE•added 2024/06/12 11:15 a.m.•44 views

CVE-2024-1766

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access ...

5.4CVSS4.8AI score0.00246EPSS

CVE•added 2024/10/30 7:15 a.m.•36 views

CVE-2024-8444

The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.

5.4CVSS5.2AI score0.0006EPSS

CVE•added 2014/11/04 3:55 p.m.•33 views

CVE-2014-8585

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.

5CVSS7AI score0.00276EPSS