CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as the admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated user, such as a subscriber, is able to call it and perform Cross-Site Scripting attacks.
• https://wpscan.com/vulnerability/01144c50-54ca-44d9-9ce8-bf4f659114ee
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high-privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed.
• https://wpscan.com/vulnerability/aab2ddbb-7675-40fc-90ee-f5bfa8a5b995
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png", which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
• https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities
• CWE-434: Unrestricted Upload of File with Dangerous Type
• CWE-646: Reliance on File Name or Extension of Externally-Supplied File

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
• https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-540: Inclusion of Sensitive Information in Source Code

CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 4

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. WordPress Download Manager plugin version 2.9.93 suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/47350
• http://packetstormsecurity.com/files/154356/WordPress-Download-Manager-2.9.93-Cross-Site-Scripting.html
• https://packetstormsecurity.com/files/152511/WordPress-Download-Manager-2.9.92-Cross-Site-Scripting.html
• https://packetstormsecurity.com/files/152552/WordPress-Download-Manager-2.9.93-Cross-Site-Scripting.html
• https://plugins.trac.wordpress.org/changeset/2070388/download-manager
• https://wordpress.org/plugins/download-manager/#developers
• https://wpvulndb.com/vulnerabilities&#x
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')