Vulnerabilities > Wpdownloadmanager > Wordpress Download Manager > 3.0.4

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-05	CVE-2021-34638	Path Traversal vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. network low complexity wpdownloadmanager CWE-22	4.0
2021-08-05	CVE-2021-34639	Unrestricted Upload of File with Dangerous Type vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. network low complexity wpdownloadmanager CWE-434	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.