Vulnerabilities > W3Eden > Download Manager > 3.2.96

DATE CVE VULNERABILITY TITLE RISK
2024-12-31 CVE-2024-56217 Missing Authorization vulnerability in W3Eden Download Manager
Missing Authorization vulnerability in W3 Eden, Inc.
network
low complexity
w3eden CWE-862
6.3
6.3
2024-12-19 CVE-2024-11740 Code Injection vulnerability in W3Eden Download Manager
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03.
network
low complexity
w3eden CWE-94
7.3
7.3
2024-12-19 CVE-2024-11768 Unspecified vulnerability in W3Eden Download Manager
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03.
network
low complexity
w3eden
5.3
5.3
2024-07-31 CVE-2024-6208 Cross-site Scripting vulnerability in W3Eden Download Manager 3.2.96/3.2.97
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter.
network
low complexity
w3eden CWE-79
5.4
5.4