23 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. El complemento Download Manager de WordPress anterior a 3.2.83 no protege las contraseñas de descarga de archivos y las filtra al recibir una no válida. The Download Manager plugin for WordPress is vulnerable to information Exposure in all versions up to, and including, 3.2.82. This is due to the plugin leaking the password to a protected file when it receives an invalid password. This makes it possible for unauthenticated attackers to gain access to protected files. • https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 • CWE-522: Insufficiently Protected Credentials CWE-863: Incorrect Authorization •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. W3 Eden Download Manager versions 3.2.70 and below suffer from a persistent cross site scripting vulnerability via ShortCode. • https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10 https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10 https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2906403%40download-manager&new=2906403%40download-manager&sfp_email=&sfph_mail= https://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. El complemento Download Manager de WordPress anterior a 3.2.62 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de cross-site scripting almacenado contra usuarios registrados, como administradores. The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 3.2.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/856cac0f-2526-4978-acad-d6d82a0bec45 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. El plugin Download Manager para WordPress es vulnerable a una deserialización de entradas no confiables por medio del parámetro "file[package_dir]" en versiones hasta 3.2.49 incluyéndola. Esto hace posible a atacantes autenticados con privilegios de contribuyente y superiores llamar a archivos usando una envoltura PHAR que de serializará los datos y llamará a Objetos PHP arbitrarios que pueden ser usados para llevar a cabo una variedad de acciones maliciosas concedidas una cadena POP también está presente. • https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php&new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin W3 Eden Download Manager versiones anteriores a 3.2.48 incluyéndola, en WordPress. The Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.48. This is due to missing or incorrect nonce validation on the updateTemplateStatus function. This makes it possible for unauthenticated attackers to trigger setting changes forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/download-manager/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •