Vulnerabilities > Wpdownloadmanager > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-01-01 | CVE-2023-6421 | Insufficiently Protected Credentials vulnerability in Wpdownloadmanager Wordpress Download Manager | The Download Manager WordPress plugin before 3.2.83 does not protect file download passwords, leaking the password upon receiving an invalid one. | network | low complexity | wpdownloadmanager | CWE-522 | 7.5 |
| 2023-05-02 | CVE-2023-1809 | Unspecified vulnerability in Wpdownloadmanager Download Manager 6.0.0 | The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | network | low complexity | wpdownloadmanager | | 7.5 |
| 2022-09-06 | CVE-2022-2436 | Deserialization of Untrusted Data vulnerability in Wpdownloadmanager Wordpress Download Manager | The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to and including 3.2.49. | network | low complexity | wpdownloadmanager | CWE-502 | 8.8 |
| 2022-04-11 | CVE-2022-0828 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wpdownloadmanager Wordpress Download Manager | The Download Manager WordPress plugin before 3.2.34 uses the PHP uniqid function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources, giving direct download access regardless of role-based restrictions or password protections set for the download. | network | low complexity | wpdownloadmanager | CWE-338 | 7.5 |