Vulnerabilities for Cm download manager (...) - CXSECURITY.COM

Vulnerabilities for 'Cm download manager'

2021-07-07

CVE-2020-24145

CWE-79

Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.

CVE-2020-24146

CWE-22

Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.

2020-10-21

CVE-2020-27344

CWE-79

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.

>>> Vendor: Cminds 2 Products

Cm download manager

Enhanced-tooltipglossary

Copyright 2024, cxsecurity.com