CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52401 – WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52401
Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4. The Hacklog DownloadManager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/hacklog-downloadmanager/wordpress-hacklog-downloadmanager-plugin-2-1-4-csrf-to-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47341 – WordPress WP-DownloadManager plugin <= 1.68.8 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47341
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-DownloadManager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through 1.68.8. The WP-DownloadManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.68.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32131 – WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-32131
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through 3.2.82. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en W3 Eden Inc. El Download Manager permite omitir la funcionalidad. Este problema afecta al Download Manager: desde n/a hasta 3.2.82. • https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-82-file-password-lock-bypass-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25605 – WordPress WP-DownloadManager plugin <= 1.68.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-25605
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. Se ha detectado múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenadas y Autenticadas en el plugin WP-DownloadManager de WordPress (versiones anteriores a 1.68.6 incluyéndola). Parámetros vulnerables &download_path, &download_path_url, &download_page_url • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities https://wordpress.org/plugins/wp-downloadmanager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25606 – WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-25606
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado detectado en el plugin WP-DownloadManager de WordPress (versiones anteriores a 1.68.6 incluyéndola). Parámetros vulnerables &download_path, &download_path_url, &download_page_url, &download_categories • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-5-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities https://wordpress.org/plugins/wp-downloadmanager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •