Lucene search

W3eden Download Manager

17 matches found

CVE | added 2019/09/03 6:15 p.m. | 156 views

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.

CVSS 6.1 | AI score 5.9 | EPSS 0.11454

CVE | added 2023/05/30 8:15 a.m. | 77 views

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file ...

CVSS 6.5 | AI score 6.7 | EPSS 0.00233

CVE | added 2021/08/05 9:15 p.m. | 62 views

CVE-2021-34638

Authenticated Directory Traversal in WordPress Download Manager

CVSS 6.5 | AI score 6.1 | EPSS 0.00775

CVE | added 2022/06/13 1:15 p.m. | 59 views

CVE-2022-1985

The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.

CVSS 6.1 | AI score 5.8 | EPSS 0.00394

CVE | added 2024/03/19 3:15 p.m. | 59 views

CVE-2024-29114

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS. This issue affects Download Manager: from n/a through 3.2.84.

CVSS 6.5 | AI score 6.7 | EPSS 0.0006

CVE | added 2022/07/17 11:15 a.m. | 58 views

CVE-2022-2168

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting.

CVSS 6.1 | AI score 6 | EPSS 0.10858

CVE | added 2022/07/18 5:15 p.m. | 55 views

CVE-2022-2101

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file[files][] parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permi...

CVSS 6.4 | AI score 4.9 | EPSS 0.00623

CVE | added 2017/07/07 1:29 p.m. | 53 views

CVE-2017-2216

Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 6.1 | AI score 6 | EPSS 0.00479

CVE | added 2017/07/07 1:29 p.m. | 50 views

CVE-2017-2217

Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 6.1 | AI score 6.2 | EPSS 0.00356

CVE | added 2024/06/12 9:15 a.m. | 48 views

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on use...

CVSS 6.4 | AI score 5.5 | EPSS 0.00985

CVE | added 2024/05/31 10:15 a.m. | 44 views

CVE-2024-4160

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...

CVSS 6.4 | AI score 5.9 | EPSS 0.00209

CVE | added 2018/01/16 9:29 a.m. | 43 views

CVE-2017-18032

The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.

CVSS 6.1 | AI score 5.9 | EPSS 0.0021

CVE | added 2024/12/31 11:15 a.m. | 43 views

CVE-2024-56217

Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Manager: from n/a through 3.3.03.

CVSS 6.3 | AI score 4.7 | EPSS 0.00054

CVE | added 2024/03/13 4:15 p.m. | 36 views

CVE-2023-6954

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atta...

CVSS 6.4 | AI score 6 | EPSS 0.00127

CVE | added 2024/07/31 1:15 p.m. | 36 views

CVE-2024-6208

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authentic...

CVSS 6.4 | AI score 5.7 | EPSS 0.00089

CVE | added 2023/06/09 6:16 a.m. | 31 views

CVE-2023-2305

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | AI score 5.2 | EPSS 0.00135

CVE | added 2025/06/19 4:15 a.m. | 7 views

CVE-2025-4367

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...

CVSS 6.4 | AI score 5.7 | EPSS 0.00037