W3eden

Download Manager

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-2098

  • EPSS 1.75%
  • Veröffentlicht 13.06.2024 06:15:09
  • Zuletzt bearbeitet 21.03.2025 19:16:48

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticat...

5.4

CVE-2024-1766

  • EPSS 0.47%
  • Veröffentlicht 12.06.2024 11:15:50
  • Zuletzt bearbeitet 21.03.2025 19:16:28

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authe...

5.4

CVE-2024-5266

  • EPSS 0.76%
  • Veröffentlicht 12.06.2024 09:15:21
  • Zuletzt bearbeitet 21.03.2025 19:17:04

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insuffici...

5.4

CVE-2024-4160

  • EPSS 0.29%
  • Veröffentlicht 31.05.2024 10:15:09
  • Zuletzt bearbeitet 21.03.2025 19:16:41

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supp...

7.5

CVE-2024-32131

  • EPSS 0.48%
  • Veröffentlicht 17.05.2024 09:15:35
  • Zuletzt bearbeitet 21.03.2025 19:08:51

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through 3.2.82.

5.4

CVE-2024-29114

  • EPSS 0.08%
  • Veröffentlicht 19.03.2024 15:15:08
  • Zuletzt bearbeitet 21.03.2025 19:13:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS.This issue affects Download Manager: from n/a through 3.2.84.

5.4

CVE-2023-6954

  • EPSS 0.17%
  • Veröffentlicht 13.03.2024 16:15:09
  • Zuletzt bearbeitet 21.03.2025 19:16:22

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attribut...

5.3

CVE-2023-6785

  • EPSS 0.39%
  • Veröffentlicht 13.03.2024 16:15:08
  • Zuletzt bearbeitet 21.03.2025 19:13:55

The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the pl...

7.5

CVE-2023-6421

Exploit
  • EPSS 80.57%
  • Veröffentlicht 01.01.2024 15:15:43
  • Zuletzt bearbeitet 18.06.2025 15:15:25

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

5.4

CVE-2023-2305

Exploit
  • EPSS 0.1%
  • Veröffentlicht 09.06.2023 06:16:06
  • Zuletzt bearbeitet 21.03.2025 16:07:09

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output es...