Vulnerabilities > Wpdownloadmanager

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-05	CVE-2021-34638	Path Traversal vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. network low complexity wpdownloadmanager CWE-22	6.5
2021-08-05	CVE-2021-34639	Unrestricted Upload of File with Dangerous Type vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. network low complexity wpdownloadmanager CWE-434	8.8
2019-09-03	CVE-2019-15889	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. network low complexity wpdownloadmanager CWE-79	6.1
2018-01-16	CVE-2017-18032	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. network low complexity wpdownloadmanager CWE-79	6.1
2017-07-07	CVE-2017-2217	Open Redirect vulnerability in Wpdownloadmanager Wordpress Download Manager Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network low complexity wpdownloadmanager CWE-601	6.1
2017-07-07	CVE-2017-2216	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity wpdownloadmanager CWE-79	6.1

Vulnerabilities > Wpdownloadmanager {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wpdownloadmanager"}]}

Vulnerabilities > Wpdownloadmanager