CVE-2023-6421 – Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak
https://notcve.org/view.php?id=CVE-2023-6421
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. El complemento Download Manager de WordPress anterior a 3.2.83 no protege las contraseñas de descarga de archivos y las filtra al recibir una no válida. The Download Manager plugin for WordPress is vulnerable to information Exposure in all versions up to, and including, 3.2.82. This is due to the plugin leaking the password to a protected file when it receives an invalid password. This makes it possible for unauthenticated attackers to gain access to protected files. • https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 • CWE-522: Insufficiently Protected Credentials CWE-863: Incorrect Authorization •
CVE-2023-2305 – Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2023-2305
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. W3 Eden Download Manager versions 3.2.70 and below suffer from a persistent cross site scripting vulnerability via ShortCode. • https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10 https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10 https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2906403%40download-manager&new=2906403%40download-manager&sfp_email=&sfph_mail= https://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-22713 – WordPress Gutenberg Blocks by WordPress Download Manager Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-22713
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions. The Gutenberge Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wpdm-gutenberg-blocks/wordpress-gutenberg-blocks-by-wordpress-download-manager-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4476 – Download Manager < 3.2.62 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4476
The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. El complemento Download Manager de WordPress anterior a 3.2.62 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de cross-site scripting almacenado contra usuarios registrados, como administradores. The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 3.2.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/856cac0f-2526-4978-acad-d6d82a0bec45 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2436 – Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-2436
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. El plugin Download Manager para WordPress es vulnerable a una deserialización de entradas no confiables por medio del parámetro "file[package_dir]" en versiones hasta 3.2.49 incluyéndola. Esto hace posible a atacantes autenticados con privilegios de contribuyente y superiores llamar a archivos usando una envoltura PHAR que de serializará los datos y llamará a Objetos PHP arbitrarios que pueden ser usados para llevar a cabo una variedad de acciones maliciosas concedidas una cadena POP también está presente. • https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php&new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436 • CWE-502: Deserialization of Untrusted Data •