Vulnerabilities > Wpdownloadmanager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-1766 | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-12 | CVE-2024-5266 | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-05 | CVE-2024-4001 | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-08-12 | CVE-2023-4293 | Unspecified vulnerability in Wpdownloadmanager Premium Packages - Sell Digital products Securely The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. | 6.5 |
| 2023-06-09 | CVE-2023-2305 | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-05-30 | CVE-2023-1524 | Unspecified vulnerability in Wpdownloadmanager Download Manager The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. | 6.5 |
| 2023-05-03 | CVE-2023-22713 | Cross-site Scripting vulnerability in Wpdownloadmanager Gutenberg Blocks for Wordpress Download Manager Auth. | 5.4 |
| 2023-04-18 | CVE-2022-45836 | Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager Unauth. | 6.1 |
| 2023-01-16 | CVE-2022-4476 | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | 5.4 |
| 2022-07-18 | CVE-2022-2101 | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. | 5.4 |