W3eden Download Manager

9 matches found

CVE
added 2022/03/07 9:15 a.m. | 112 views

CVE-2021-25087

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed...

CVSS 7.5 | AI score 7.4 | EPSS 0.01202

CVE
added 2022/04/11 3:15 p.m. | 89 views

CVE-2022-0828

The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the d...

CVSS 7.5 | AI score 7.7 | EPSS 0.00339

CVE
added 2023/05/02 8:15 a.m. | 74 views

CVE-2023-1809

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.

CVSS 7.5 | AI score 7.5 | EPSS 0.0023

CVE
added 2024/12/19 6:15 a.m. | 67 views

CVE-2024-11740

The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for ...

CVSS 7.3 | AI score 7.3 | EPSS 0.0363

CVE
added 2024/05/17 9:15 a.m. | 64 views

CVE-2024-32131

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82.

CVSS 7.5 | AI score 6.7 | EPSS 0.00356

CVE
added 2023/04/18 2:15 p.m. | 56 views

CVE-2022-45836

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin

CVSS 7.1 | AI score 6 | EPSS 0.00129

CVE
added 2024/06/13 6:15 a.m. | 52 views

CVE-2024-2098

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files...

CVSS 7.5 | AI score 7.5 | EPSS 0.00679

CVE
added 2024/01/01 3:15 p.m. | 47 views

CVE-2023-6421

The Download Manager WordPress plugin before 3.2.83 does not protect a file download's password, leaking it upon receiving an invalid one.

CVSS 7.5 | AI score 7.5 | EPSS 0.82435

CVE
added 2022/08/22 3:15 p.m. | 46 views

CVE-2022-2362

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

CVSS 7.5 | AI score 7.4 | EPSS 0.00386