Known Vulnerabilities for Wordpress Download Manager by Wpdownloadmanager

Listed below are 10 of the newest known vulnerabilities associated with "Wordpress Download Manager" by "Wpdownloadmanager".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2021-34639	Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a...	8.8 - HIGH	2021-08-05	2021-08-12
CVE-2021-34638	Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain...	6.5 - MEDIUM	2021-08-05	2021-08-12
CVE-2021-25087	The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints,...	7.5 - HIGH	2022-03-07	2022-04-12
CVE-2021-24969	The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it...	5.4 - MEDIUM	2021-12-27	2022-01-06
CVE-2021-24773	The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting t...	4.8 - MEDIUM	2021-11-01	2021-11-02
CVE-2019-15889	The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the or...	6.1 - MEDIUM	2019-09-03	2019-09-04
CVE-2017-18032	The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp...	6.1 - MEDIUM	2018-01-16	2020-05-05
CVE-2017-2217	Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users t...	6.1 - MEDIUM	2017-07-07	2020-05-05
CVE-2017-2216	Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject ar...	6.1 - MEDIUM	2017-07-07	2020-05-05
CVE-2014-8585	Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbi...	5 - MEDIUM	2014-11-04	2020-05-05

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.96	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.95	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.94	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.93	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.92	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.91	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.9	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.8	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.7	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.6	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.5	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.4	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.3	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.2	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.1	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	3.0.0	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	2.9.99	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	2.9.98	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	2.9.97	All	All	All
Application	Wpdownloadmanager	Wordpress Download Manager	2.9.96	All	All	All

Results limited to 20 most recent known configurations