Known Vulnerabilities for products from Wpdownloadmanager
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Wpdownloadmanager".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-52435 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada WPDM – Premi... | Not Provided | 2024-11-18 | 2026-04-23 |
| CVE-2024-4001 json | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_for... | Not Provided | 2024-06-05 | 2026-04-08 |
| CVE-2023-22713 json | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Dow... | 5.4 - MEDIUM | 2023-05-03 | 2023-05-06 |
| CVE-2023-4293 json | The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions ... | Not Provided | 2023-08-12 | 2026-04-08 |
| CVE-2023-1809 json | The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing att... | 7.5 - HIGH | 2023-05-02 | 2023-11-07 |
| CVE-2023-1524 json | The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon... | 6.5 - MEDIUM | 2023-05-30 | 2023-11-07 |
| CVE-2022-36288 json | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 8.8 - HIGH | 2022-08-23 | 2022-08-25 |
| CVE-2022-34658 json | Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugi... | 5.4 - MEDIUM | 2022-08-23 | 2022-08-25 |
| CVE-2022-34347 json | Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 8.8 - HIGH | 2022-08-22 | 2022-08-23 |
| CVE-2022-4476 json | The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before out... | 5.4 - MEDIUM | 2023-01-16 | 2023-11-07 |
| CVE-2022-2431 json | The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. T... | 8.8 - HIGH | 2022-09-06 | 2022-09-09 |
| CVE-2022-2362 json | The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's R... | 7.5 - HIGH | 2022-08-22 | 2022-08-25 |
| CVE-2022-2168 json | The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute... | 6.1 - MEDIUM | 2022-07-17 | 2022-07-18 |
| CVE-2022-0828 json | The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, a... | 7.5 - HIGH | 2022-04-11 | 2023-11-07 |
| CVE-2021-34639 json | Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a... | 8.8 - HIGH | 2021-08-05 | 2021-08-12 |
| CVE-2021-34638 json | Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain... | 6.5 - MEDIUM | 2021-08-05 | 2021-08-12 |
| CVE-2021-25087 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-07 | 2022-04-12 |
| CVE-2021-25069 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-02-21 | 2022-02-28 |
| CVE-2021-24969 json | The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it... | 5.4 - MEDIUM | 2021-12-27 | 2022-01-06 |
| CVE-2021-24773 json | The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting t... | 4.8 - MEDIUM | 2021-11-01 | 2021-11-02 |
Known software with vulnerabilities from Wpdownloadmanager
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Wpdownloadmanager | Download Manager | 1.1 |
| Application | Wpdownloadmanager | Wordpress Download Manager | 1.1 |