CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-1985 – Download Manager <= 3.2.42 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1985
02 Jun 2022 — The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. El plugin Download Manager para WordPress es vulnerable a un ataque de tipo Cross-Site Scripting reflejado en versiones hasta la 3.2.42 incluyéndola. Esto es debido a un saneo insuficiente de la entrada y escape de la salida en... • https://packetstorm.news/files/id/167448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0828 – Download Manager < 3.2.39 - Unauthenticated brute force of files master key
https://notcve.org/view.php?id=CVE-2022-0828
16 Mar 2022 — The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. El plugin Download Manager de WordPress versiones anteriores a 3.2.39, usa la función php uniqid para generar la clave maestra para una descarga, permitiendo a un atacante forzar la clave con recursos raz... • https://wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bb • CWE-326: Inadequate Encryption Strength CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25087 – Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2021-25087
02 Feb 2022 — The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). El plugin Download Manager de WordPress versiones anteriores a 3.2.35, no presenta comprobaciones de autorización en algunos de los endpoints de la API REST, permitiendo a atacantes no autenticados ll... • https://wpscan.com/vulnerability/d7ceafae-65ec-4e05-9ed1-59470771bf07 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24969 – Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24969
29 Nov 2021 — The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks El plugin Download Manager de WordPress versiones anteriores a 3.2.22, no sanea y escapa de los datos de la plantilla antes de mostrarlos ... • https://wpscan.com/vulnerability/01144c50-54ca-44d9-9ce8-bf4f659114ee • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24773 – WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24773
29 Sep 2021 — The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed El plugin Download Manager de WordPress versiones anteriores a 3.2.16 no escapa a algunos de los ajustes de descarga cuando los emite, permitiendo a usuarios con altos privilegios llevar a cabo ataques de tipo XSS incluso cuando la capacidad unfiltered_html no está permitid... • https://wpscan.com/vulnerability/aab2ddbb-7675-40fc-90ee-f5bfa8a5b995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34638 – WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal
https://notcve.org/view.php?id=CVE-2021-34638
29 Jul 2021 — Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. Un Salto de Directorio Autenticado en WordPress Download Manager versiones ant... • https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34639 – WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-34639
29 Jul 2021 — Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. Una subida de archivos Autenticada en WordPress Download Manager versiones anteriores a 3.1.24 incluyéndola, permite a usuarios autenticados (Author+) subir archivos con una extensión doble, por ejemplo, "payload.php.pn... • https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 5CVE-2019-15889 – WordPress Download Manager <= 2.9.93 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15889
13 Apr 2019 — The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. El plugin download-manager en versiones anteriores a la 2.9.94 para WordPress tiene Cross-Site Scripting (XSS) mediante la función shortcode de categoría, como es demostrado por el parámetro orderby or search[publish_date]. The WordPress Download Manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstra... • https://packetstorm.news/files/id/154356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2217 – WordPress Download Manager < 2.9.51 - Open Redirect
https://notcve.org/view.php?id=CVE-2017-2217
07 Jul 2017 — Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redirección abierta en versiones anteriores a la 2.9.51 de WordPress Download Manager permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN79738260/index.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18032 – WordPress Download Manager <= 2.9.51 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18032
16 Jun 2017 — The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. El plugin download-manager en versiones anteriores a la 2.9.52 para WordPress tiene XSS mediante el parámetro id en una acción wpdm_generate_password en wp-admin/admin-ajax.php. • https://security.dxw.com/advisories/xss-download-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •