Filtered by vendor Wpdownloadmanager
Filtered by product Wordpress Download Manager
Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1985 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-08-03 | 6.1 Medium |
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including, 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. | ||||
CVE-2022-0828 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-08-02 | 7.5 High |
The Download Manager WordPress plugin before 3.2.34 uses the PHP uniqid function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources, giving direct download access regardless of role-based restrictions or password protections set for the download. | ||||
CVE-2023-6421 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-08-02 | 7.5 High |
The Download Manager WordPress plugin before 3.2.83 does not protect a file download's password, leaking it upon receiving an invalid one. | ||||
CVE-2023-2305 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-08-02 | 6.4 Medium |
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', and 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||