Vulnerabilities > W3Eden > Download Manager > 2.7.85
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-31 | CVE-2024-56217 | Missing Authorization vulnerability in W3Eden Download Manager Missing Authorization vulnerability in W3 Eden, Inc. | 6.3 |
| 2024-12-19 | CVE-2024-11740 | Code Injection vulnerability in W3Eden Download Manager The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. | 7.3 |
| 2024-12-19 | CVE-2024-11768 | Unspecified vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. | 5.3 |
| 2024-06-13 | CVE-2024-2098 | Incorrect Authorization vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. | 7.5 |
| 2024-06-12 | CVE-2024-1766 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-12 | CVE-2024-5266 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-31 | CVE-2024-4160 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-17 | CVE-2024-32131 | Unspecified vulnerability in W3Eden Download Manager Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. | 7.5 |
| 2024-03-19 | CVE-2024-29114 | Cross-site Scripting vulnerability in W3Eden Download Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. | 5.4 |
| 2024-03-13 | CVE-2023-6785 | Missing Authorization vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. | 5.3 |