Download Manager Security Vulnerabilities and Issues — Download Manager CVE List

Lucene search

W3edenDownload Manager

5 matches found

CVE•added 2023/05/30 8:15 a.m.•77 views

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file ...

6.5CVSS6.7AI score0.00233EPSS

CVE•added 2023/05/02 8:15 a.m.•74 views

CVE-2023-1809

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.

7.5CVSS7.5AI score0.0023EPSS

CVE•added 2023/01/16 4:15 p.m.•60 views

CVE-2022-4476

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.

5.4CVSS5.4AI score0.00144EPSS

CVE•added 2023/04/18 2:15 p.m.•56 views

CVE-2022-45836

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin

7.1CVSS6AI score0.00129EPSS

CVE•added 2023/06/09 6:16 a.m.•31 views

CVE-2023-2305

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.2AI score0.00135EPSS