Download Manager Security Vulnerabilities and Issues — Download Manager CVE List

Lucene search

W3edenDownload Manager

4 matches found

CVE•added 2025/03/16 6:15 a.m.•59 views

CVE-2024-13126

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

4.6CVSS6.9AI score0.00457EPSS

CVE•added 2025/03/13 8:15 a.m.•41 views

CVE-2025-1785

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally...

8.1CVSS5.3AI score0.00845EPSS

CVE•added 2025/05/15 8:15 p.m.•16 views

CVE-2024-8284

The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS6AI score0.00052EPSS

CVE•added 2025/06/19 4:15 a.m.•8 views

CVE-2025-4367

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...

6.4CVSS5.7AI score0.00043EPSS