Vulnerabilities (CVE)

Filtered by vendor Wpdownloadmanager Subscribe
Filtered by product Wordpress Download Manager
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18032 1 Wpdownloadmanager 1 Wordpress Download Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
CVE-2014-8585 1 Wpdownloadmanager 1 Wordpress Download Manager 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
CVE-2013-7319 1 Wpdownloadmanager 1 Wordpress Download Manager 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.