Wp-downloadmanager Security Vulnerabilities and Issues — Wp-downloadmanager CVE List

Lucene search

Wp-downloadmanager ProjectWp-downloadmanager

6 matches found

CVE•added 2022/03/25 7:15 p.m.•101 views

CVE-2022-25606

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions

5.4CVSS5.3AI score0.00166EPSS

CVE•added 2022/03/18 6:15 p.m.•88 views

CVE-2022-25605

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions

5.4CVSS5.3AI score0.00182EPSS

CVE•added 2022/03/18 6:15 p.m.•76 views

CVE-2021-44760

Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin

5.4CVSS5.1AI score0.00167EPSS

CVE•added 2025/06/11 4:15 a.m.•49 views

CVE-2025-4799

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, t...

7.2CVSS5.8AI score0.00897EPSS

CVE•added 2025/06/11 4:15 a.m.•44 views

CVE-2025-4798

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administr...

4.9CVSS5.7AI score0.00041EPSS

CVE•added 2021/07/07 2:15 p.m.•43 views

CVE-2020-24141

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute comma...

5.3CVSS5.5AI score0.0019EPSS