Vulnerabilities > W3Eden > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-31 | CVE-2024-56217 | Missing Authorization vulnerability in W3Eden Download Manager Missing Authorization vulnerability in W3 Eden, Inc. | 6.3 |
| 2024-12-19 | CVE-2024-11768 | Unspecified vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. | 5.3 |
| 2024-07-31 | CVE-2024-6208 | Cross-site Scripting vulnerability in W3Eden Download Manager 3.2.96/3.2.97 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. | 5.4 |
| 2024-06-12 | CVE-2024-1766 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-12 | CVE-2024-5266 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-31 | CVE-2024-4160 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-19 | CVE-2024-29114 | Cross-site Scripting vulnerability in W3Eden Download Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. | 5.4 |
| 2024-03-13 | CVE-2023-6785 | Missing Authorization vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. | 5.3 |
| 2024-03-13 | CVE-2023-6954 | Cross-site Scripting vulnerability in W3Eden Download Manager The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-06-09 | CVE-2023-2305 | Unspecified vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |