CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18032 – WordPress Download Manager <= 2.9.51 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18032
16 Jun 2017 — The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. El plugin download-manager en versiones anteriores a la 2.9.52 para WordPress tiene XSS mediante el parámetro id en una acción wpdm_generate_password en wp-admin/admin-ajax.php. • https://security.dxw.com/advisories/xss-download-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2216 – WordPress Download Manager <= 2.9.49 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2216
13 Jun 2017 — Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de Cross-Site Scripting (XSS) en versiones anteriores a la 2.9.50 de WordPress Download Manager permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. The WordPress Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting parameter in v... • https://jvn.jp/en/jp/JVN79738260/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 104EXPL: 1CVE-2014-8585
https://notcve.org/view.php?id=CVE-2014-8585
04 Nov 2014 — Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. Vulnerabilidad de salto de directorio en el plugin WordPress Download Manager para WordPress permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro fname en (1) views/file_download.php o (2) file_download.php. • http://packetstormsecurity.com/files/128852/WordPress-Download-Manager-Arbitrary-File-Download.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 6%CPEs: 9EXPL: 2CVE-2013-7319 – Download Manager < 2.5.9 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7319
08 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field. Vulnerabilidad de XSS en el plugin Download Manager anterior a 2.5.9 para WordPress permite a atacantes remotos inyectar script Web o HTML arbitrario a través del campo "title". • https://www.exploit-db.com/exploits/30105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •