Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor W3eden Subscribe
Total 48 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1985 1 W3eden 1 Download Manager 2025-03-21 4.3 MEDIUM 6.1 MEDIUM
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
CVE-2022-34347 1 W3eden 1 Download Manager 2025-03-21 N/A 4.2 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2022-34658 1 W3eden 1 Download Manager 2025-03-21 N/A 5.4 MEDIUM
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2021-25087 1 W3eden 1 Download Manager 2025-03-21 5.0 MEDIUM 7.5 HIGH
The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).
CVE-2024-56217 1 W3eden 1 Download Manager 2025-03-21 N/A 4.3 MEDIUM
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.
CVE-2021-36896 1 W3eden 1 Pricing Table 2024-11-21 3.5 LOW 4.8 MEDIUM
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2
CVE-2017-18497 1 W3eden 1 Live Forms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The liveforms plugin before 3.4.0 for WordPress has XSS.
CVE-2015-9301 1 W3eden 1 Live Forms 2024-11-21 7.5 HIGH 9.8 CRITICAL
The liveforms plugin before 3.2.0 for WordPress has SQL injection.