Known Vulnerabilities for products from Wpdownloadmanager
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Wpdownloadmanager".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-52435 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premi... | Not Provided | 2024-11-18 | 2026-04-01 |
| CVE-2021-34639 | Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a... | 8.8 - HIGH | 2021-08-05 | 2021-08-12 |
| CVE-2021-34638 | Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain... | 6.5 - MEDIUM | 2021-08-05 | 2021-08-12 |
| CVE-2021-25087 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-07 | 2022-04-12 |
| CVE-2021-25069 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-02-21 | 2022-02-28 |
| CVE-2021-24969 | The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it... | 5.4 - MEDIUM | 2021-12-27 | 2022-01-06 |
| CVE-2021-24773 | The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting t... | 4.8 - MEDIUM | 2021-11-01 | 2021-11-02 |
| CVE-2019-15889 | The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the or... | 6.1 - MEDIUM | 2019-09-03 | 2019-09-04 |
| CVE-2017-18032 | The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp... | 6.1 - MEDIUM | 2018-01-16 | 2020-05-05 |
| CVE-2017-2217 | Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users t... | 6.1 - MEDIUM | 2017-07-07 | 2020-05-05 |
| CVE-2017-2216 | Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject ar... | 6.1 - MEDIUM | 2017-07-07 | 2020-05-05 |
| CVE-2014-8585 | Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbi... | 5 - MEDIUM | 2014-11-04 | 2020-05-05 |
| CVE-2013-7319 | Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to... | 4.3 - MEDIUM | 2014-02-06 | 2020-05-05 |
Known software with vulnerabilities from Wpdownloadmanager
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Wpdownloadmanager | Download Manager | 1.1 |
| Application | Wpdownloadmanager | Wordpress Download Manager | 1.1 |