CVE-2024-1231 – CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
https://notcve.org/view.php?id=CVE-2024-1231
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack El complemento CM Download Manager de WordPress anterior a 2.9.0 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los administradores registrados anulen la publicación de las descargas mediante un ataque CSRF. The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2.9.0. This is due to missing or incorrect nonce validation on the 'unpublishHeader' function. This makes it possible for unauthenticated attackers to unpublish downloads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/7d3968d9-61ed-4c00-8764-0360cf03255e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-1962 – CM Download and File Manager < 2.9.1 - Download Edit via CSRF
https://notcve.org/view.php?id=CVE-2024-1962
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack El complemento CM Download Manager de WordPress anterior a 2.9.1 no tiene controles CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los administradores registrados editen las descargas a través de un ataque CSRF. The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2.9.1. This is due to missing or incorrect nonce validation on the 'editHeader' function. This makes it possible for unauthenticated attackers to edit downloads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/469486d4-7677-4d66-83c0-a6b9ac7c503b • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-1232 – CM Download Manager < 2.9.0 - Download Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-1232
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack El complemento CM Download Manager de WordPress anterior a 2.9.0 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los administradores registrados eliminen las descargas mediante un ataque CSRF. The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2.9.0. This is due to missing or incorrect nonce validation on the 'delHeader' function. This makes it possible for unauthenticated attackers to delete downloads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/2a29b509-4cd5-43c8-84f4-f86251dd28f8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3076 – CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-3076
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. El plugin CM Download Manager de WordPress versiones anteriores a 2.8.6, permite a usuarios con altos privilegios, como los administradores, subir archivos arbitrarios estableciendo cualquier extensión por medio de la configuración del plugin, lo que podría ser usado por los administradores de un blog multisitio para descargar archivos PHP, por ejemplo. The CM Download Manager plugin for WordPress is vulnerable to arbitrary file uploads because it allows administrators to choose the php extension as an allowable file extension in versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-24146 – CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service
https://notcve.org/view.php?id=CVE-2020-24146
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. Un salto de Directorio en el plugin CM Download Manager (también se conoce como cm-download-manager) versión 2.7.0 para WordPress, permite a usuarios autorizados eliminar archivos arbitrarios y posiblemente causar una denegación de servicio por medio del parámetro fileName en una acción deletescreenshot • https://github.com/secwx/research/blob/main/cve/CVE-2020-24146.md https://wordpress.org/plugins/cm-download-manager/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •