W3eden

Download Manager

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-4367

  • EPSS 0.03%
  • Veröffentlicht 19.06.2025 03:40:13
  • Zuletzt bearbeitet 09.07.2025 19:00:59

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supp...

4.8

CVE-2024-8284

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.05.2025 20:15:58
  • Zuletzt bearbeitet 12.06.2025 15:29:52

The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.6

CVE-2024-13126

Exploit
  • EPSS 0.61%
  • Veröffentlicht 16.03.2025 06:15:11
  • Zuletzt bearbeitet 09.04.2025 13:06:59

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

8.1

CVE-2025-1785

  • EPSS 0.86%
  • Veröffentlicht 13.03.2025 08:15:10
  • Zuletzt bearbeitet 08.07.2025 15:34:55

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to over...

6.3

CVE-2024-56217

  • EPSS 0.1%
  • Veröffentlicht 31.12.2024 11:15:07
  • Zuletzt bearbeitet 21.03.2025 15:48:35

Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.

4.8

CVE-2024-10706

Exploit
  • EPSS 0.07%
  • Veröffentlicht 20.12.2024 06:15:22
  • Zuletzt bearbeitet 17.04.2025 01:52:36

The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis...

5.3

CVE-2024-11768

  • EPSS 0.18%
  • Veröffentlicht 19.12.2024 06:15:23
  • Zuletzt bearbeitet 21.03.2025 19:18:21

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible ...

7.3

CVE-2024-11740

  • EPSS 3.75%
  • Veröffentlicht 19.12.2024 06:15:21
  • Zuletzt bearbeitet 21.03.2025 19:18:50

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before ...

5.4

CVE-2024-8444

Exploit
  • EPSS 0.25%
  • Veröffentlicht 30.10.2024 07:15:16
  • Zuletzt bearbeitet 10.04.2025 14:44:48

The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.

5.4

CVE-2024-6208

  • EPSS 0.17%
  • Veröffentlicht 31.07.2024 13:15:10
  • Zuletzt bearbeitet 21.03.2025 16:35:35

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols...