Vulnerabilities > Wpdownloadmanager > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-19 | CVE-2024-11740 | Code Injection vulnerability in Wpdownloadmanager Download Manager: The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. | 7.3 |
2024-11-18 | CVE-2024-52435 | SQL Injection vulnerability in Wpdownloadmanager Premium Packages - Sell Digital products Securely: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. | 7.2 |
2024-01-01 | CVE-2023-6421 | Insufficiently Protected Credentials vulnerability in Wpdownloadmanager Wordpress Download Manager: The Download Manager WordPress plugin before 3.2.83 does not protect file download passwords, leaking them upon receiving an invalid one. | 7.5 |
2023-05-02 | CVE-2023-1809 | Unspecified vulnerability in Wpdownloadmanager Download Manager 6.0.0: The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | 7.5 |
2022-09-06 | CVE-2022-2431 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wpdownloadmanager Wordpress Download Manager: The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 3.2.50. | 8.8 |
2022-09-06 | CVE-2022-2436 | Deserialization of Untrusted Data vulnerability in Wpdownloadmanager Wordpress Download Manager: The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including, 3.2.49. | 8.8 |
2022-08-23 | CVE-2022-36288 | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager: Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 8.8 |
2022-08-22 | CVE-2022-2362 | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager: The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. | 7.5 |
2022-08-22 | CVE-2022-34347 | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager: Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 8.8 |
2022-04-11 | CVE-2022-0828 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wpdownloadmanager Wordpress Download Manager: The Download Manager WordPress plugin before 3.2.34 uses the uniqid PHP function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources, giving direct download access regardless of role-based restrictions or password protections set for the download. | 7.5 |