RSS   Vulnerabilities for 'Download manager'   RSS

2022-07-17
 
CVE-2022-2168

CWE-79
 

 
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting

 
2022-02-21
 
CVE-2021-25069

CWE-89
 

 
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue

 
2017-07-07
 
CVE-2017-2216

 

 
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 

 >>> Vendor: Wpdownloadmanager 2 Products
Download manager
Wordpress download manager


Copyright 2024, cxsecurity.com

 

Back to Top