RSS   Vulnerabilities for 'Download manager'   RSS

2018-01-16
 
CVE-2017-18032

CWE-79
 

 
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.

 
2017-07-07
 
CVE-2017-2217

 

 
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

 
2014-11-04
 
CVE-2014-8585

 

 
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.

 
2014-02-06
 
CVE-2013-7319

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.

 


Copyright 2024, cxsecurity.com

 

Back to Top