CVE-2022-3076 – CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-3076
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. El plugin CM Download Manager de WordPress versiones anteriores a 2.8.6, permite a usuarios con altos privilegios, como los administradores, subir archivos arbitrarios estableciendo cualquier extensión por medio de la configuración del plugin, lo que podría ser usado por los administradores de un blog multisitio para descargar archivos PHP, por ejemplo. The CM Download Manager plugin for WordPress is vulnerable to arbitrary file uploads because it allows administrators to choose the php extension as an allowable file extension in versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-24678 – CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24678
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks El plugin CM Tooltip Glossary de WordPress versiones anteriores a 3.9.21, no escapa a algunos atributos del shortcode glossary_tooltip, lo que podría permitir a usuarios con un rol tan bajo como el de Contributor llevar a cabo ataques de tipo Cross-Site Scripting Almacenado The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.9.20 due to insufficient input sanitization and output escaping. It does not escape some glossary_tooltip shortcode attributes. This makes it possible for Contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/b83880f7-8614-4409-9305-d059b5df15dd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-24146 – CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service
https://notcve.org/view.php?id=CVE-2020-24146
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. Un salto de Directorio en el plugin CM Download Manager (también se conoce como cm-download-manager) versión 2.7.0 para WordPress, permite a usuarios autorizados eliminar archivos arbitrarios y posiblemente causar una denegación de servicio por medio del parámetro fileName en una acción deletescreenshot • https://github.com/secwx/research/blob/main/cve/CVE-2020-24146.md https://wordpress.org/plugins/cm-download-manager/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-24145 – CM Download Manager <= 2.7.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-24145
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el plugin CM Download Manager (también se conoce como cm-download-manager) versión 2.7.0 para WordPress, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio de una acción deletescreenshot diseñada The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.7.0 via a crafted deletescreenshot action due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://github.com/secwx/research/blob/main/cve/CVE-2020-24145.md https://wordpress.org/plugins/cm-download-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-27344 – CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-27344
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. El plugin cm-download-manager versiones anteriores a 2.8.0 para WordPress, permite un ataque de tipo XSS The CM Download Manager plugin for WordPress is vulnerable to Authenticated Stored Cross-Site Scripting via the ‘filename’ parameter in versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping. This makes it possible for highly privileged attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://gist.github.com/qwebee/da79c6a9fa982c3c40988a1e0598c0d9 https://wordpress.org/plugins/cm-download-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •