CVE-2021-24773 – WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24773
The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed El plugin Download Manager de WordPress versiones anteriores a 3.2.16 no escapa a algunos de los ajustes de descarga cuando los emite, permitiendo a usuarios con altos privilegios llevar a cabo ataques de tipo XSS incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/aab2ddbb-7675-40fc-90ee-f5bfa8a5b995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-34639 – WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-34639
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. Una subida de archivos Autenticada en WordPress Download Manager versiones anteriores a 3.1.24 incluyéndola, permite a usuarios autenticados (Author+) subir archivos con una extensión doble, por ejemplo, "payload.php.png" que es ejecutable en algunas configuraciones. Este problema afecta a: WordPress Download Manager versión 3.1.24 y versiones anteriores • https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVE-2021-34638 – WordPress Download Manager <= 3.1.24 Authenticated Directory Traversal
https://notcve.org/view.php?id=CVE-2021-34638
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. Un Salto de Directorio Autenticado en WordPress Download Manager versiones anteriores a 3.1.24 incluyéndola, permite a usuarios autenticados (Contributor+) obtener información confidencial de archivos de configuración, además de permitir a usuarios Author+ llevar a cabo ataques de tipo XSS, al ajustar Download template a un archivo que contiene información de configuración o un JavaScript cargado con una extensión de imagen Este problema afecta a: WordPress Download Manager versión 3.1.24 y versiones anteriores • https://www.wordfence.com/blog/2021/07/wordpress-download-manager-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-540: Inclusion of Sensitive Information in Source Code •
CVE-2019-15889 – WordPress Download Manager <= 2.9.93 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15889
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. El plugin download-manager en versiones anteriores a la 2.9.94 para WordPress tiene Cross-Site Scripting (XSS) mediante la función shortcode de categoría, como es demostrado por el parámetro orderby or search[publish_date]. The WordPress Download Manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. Wordpress Download Manager plugin version 2.9.93 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/47350 http://packetstormsecurity.com/files/154356/WordPress-Download-Manager-2.9.93-Cross-Site-Scripting.html https://packetstormsecurity.com/files/152511/WordPress-Download-Manager-2.9.92-Cross-Site-Scripting.html https://packetstormsecurity.com/files/152552/WordPress-Download-Manager-2.9.93-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/changeset/2070388/download-manager https://wordpress.org/plugins/download-manager/#developers https://wpvulndb.com/vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2217 – WordPress Download Manager < 2.9.51 - Open Redirect
https://notcve.org/view.php?id=CVE-2017-2217
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redirección abierta en versiones anteriores a la 2.9.51 de WordPress Download Manager permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN79738260/index.html https://plugins.trac.wordpress.org/changeset/1650075 https://wordpress.org/plugins/download-manager/#developers • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •