CVE-2020-24145 – CM Download Manager <= 2.7.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-24145
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el plugin CM Download Manager (también se conoce como cm-download-manager) versión 2.7.0 para WordPress, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio de una acción deletescreenshot diseñada The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.7.0 via a crafted deletescreenshot action due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://github.com/secwx/research/blob/main/cve/CVE-2020-24145.md https://wordpress.org/plugins/cm-download-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-27344 – CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-27344
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. El plugin cm-download-manager versiones anteriores a 2.8.0 para WordPress, permite un ataque de tipo XSS The CM Download Manager plugin for WordPress is vulnerable to Authenticated Stored Cross-Site Scripting via the ‘filename’ parameter in versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping. This makes it possible for highly privileged attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://gist.github.com/qwebee/da79c6a9fa982c3c40988a1e0598c0d9 https://wordpress.org/plugins/cm-download-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-9129 – CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9129
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. Vulnerabilidad de CSRF en el plugin CreativeMinds CM Downloads Manager anterior a 2.0.7 para WordPress permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que realizan ataques de XSS a través del parámetro addons_title en la página CMDM_admin_settings en wp-admin/admin.php. WordPress CM Download Manager plugin versions 2.0.6 and below suffer from cross site request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129357/WordPress-CM-Download-Manager-2.0.6-XSS-CSRF.html http://www.securityfocus.com/archive/1/534132/100/0/threaded http://www.securityfocus.com/bid/71418 https://downloadsmanager.cminds.com/release-notes • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-8877 – CM Download Manager <= 2.0.3 - Code Injection
https://notcve.org/view.php?id=CVE-2014-8877
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. La función alterSearchQuery en lib/controllers/CmdownloadController.php en el plugin CreativeMinds CM Downloads Manager anterior a 2.0.4 para WordPress permite a atacantes remotos ejecutar código PHP arbitrario a través del parámetro CMDsearch en cmdownloads/, lo que está procesado por la función PHP create_function. WordPress CM Download Manager plugin versions 2.0.0 and below suffer from a code injection vulnerability. • https://www.exploit-db.com/exploits/35324 http://packetstormsecurity.com/files/129183/WordPress-CM-Download-Manager-2.0.0-Code-Injection.html http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html http://www.securityfocus.com/archive/1/534037/100/0/threaded http://www.securityfocus.com/bid/71204 https://downloadsmanager.cminds.com/release-notes • CWE-94: Improper Control of Generation of Code ('Code Injection') •