Cm Download Manager

cm_download_manager

Vendor: Cminds • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-1962 1Cminds 1Cm Download Manager Apr 1, 2025 Mar 25, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
CVE-2024-1232 1Cminds 1Cm Download Manager Apr 1, 2025 Mar 25, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack
CVE-2024-1231 1Cminds 1Cm Download Manager Apr 1, 2025 Mar 25, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack
CVE-2022-3076 1Cminds 1Cm Download Manager May 22, 2025 Sep 26, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite...Show more The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.Show less
CVE-2020-24146 1Cminds 1Cm Download Manager Nov 21, 2024 Jul 7, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a...Show more Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.Show less
CVE-2020-24145 1Cminds 1Cm Download Manager Nov 21, 2024 Jul 7, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot actio...Show more Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.Show less
CVE-2020-27344 1Cminds 1Cm Download Manager Nov 21, 2024 Oct 21, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
CVE-2014-9129 1Cminds 1Cm Download Manager May 6, 2026 Dec 5, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct...Show more Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.Show less