W3eden

w3eden

51 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Download Manager

download_manager

CVEs (51)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-34639 1W3eden 1Download Manager Mar 21, 2025 Aug 5, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issu...Show more Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.Show less
CVE-2021-34638 1W3eden 1Download Manager Mar 21, 2025 Aug 5, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS att...Show more Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.Show less
CVE-2019-15889 1W3eden 1Download Manager Mar 21, 2025 Sep 3, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
CVE-2017-18497 1W3eden 1Live Forms Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The liveforms plugin before 3.4.0 for WordPress has XSS.
CVE-2015-9301 1W3eden 1Live Forms Nov 21, 2024 Aug 13, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The liveforms plugin before 3.2.0 for WordPress has SQL injection.
CVE-2017-18032 1W3eden 1Download Manager Mar 21, 2025 Jan 16, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
CVE-2014-9260 1W3eden 1Download Manager May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
CVE-2017-2217 1W3eden 1Download Manager May 13, 2026 Jul 7, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2017-2216 1W3eden 1Download Manager May 13, 2026 Jul 7, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8585 1W3eden 1Download Manager May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) fil...Show more Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.Show less
CVE-2013-7319 1W3eden 1Download Manager Apr 29, 2026 Feb 6, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.