Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24773 | 1 W3eden | 1 Download Manager | 2025-03-21 | 3.5 LOW | 4.8 MEDIUM |
| The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1985 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. | |||||
| CVE-2022-34347 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 4.2 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
| CVE-2022-34658 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
| CVE-2021-25087 | 1 W3eden | 1 Download Manager | 2025-03-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). | |||||
| CVE-2024-56217 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03. | |||||