Vulnerabilities > W3Eden > Download Manager > 3.2.46

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-22 | CVE-2022-2362 | Unspecified vulnerability in W3Eden Download Manager. The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. (network; low complexity; w3eden) | 7.5 |
| 2022-08-22 | CVE-2022-34347 | Cross-Site Request Forgery (CSRF) vulnerability in W3Eden Download Manager. Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. (network; low complexity; w3eden; CWE-352) | 8.8 |
| 2022-07-18 | CVE-2022-2101 | Unspecified vulnerability in W3Eden Download Manager. The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. (network; low complexity; w3eden) | 5.4 |