Vulnerabilities (CVE)

Filtered by vendor Wpdownloadmanager Subscribe

Filtered by product Wordpress Download Manager

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-6421	1 Wpdownloadmanager	1 Wordpress Download Manager	2024-01-08	N/A	7.5 HIGH
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
CVE-2022-0828	1 Wpdownloadmanager	1 Wordpress Download Manager	2023-08-02	5.0 MEDIUM	7.5 HIGH
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
CVE-2021-34639	1 Wpdownloadmanager	1 Wordpress Download Manager	2021-08-12	6.5 MEDIUM	8.8 HIGH
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.