Wordpress Download Manager

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-01	CVE-2021-24773	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed network wpdownloadmanager CWE-79	3.5
2021-08-05	CVE-2021-34638	Path Traversal vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. network low complexity wpdownloadmanager CWE-22	4.0
2021-08-05	CVE-2021-34639	Unrestricted Upload of File with Dangerous Type vulnerability in Wpdownloadmanager Wordpress Download Manager Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. network low complexity wpdownloadmanager CWE-434	6.5
2019-09-03	CVE-2019-15889	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. network wpdownloadmanager CWE-79	4.3
2018-01-16	CVE-2017-18032	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. network wpdownloadmanager CWE-79	4.3
2017-07-07	CVE-2017-2217	Open Redirect vulnerability in Wpdownloadmanager Wordpress Download Manager Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network wpdownloadmanager CWE-601	5.8
2017-07-07	CVE-2017-2216	Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network wpdownloadmanager CWE-79	4.3
2014-11-04	CVE-2014-8585	Link Following vulnerability in Wpdownloadmanager Wordpress Download Manager Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. network low complexity wpdownloadmanager CWE-59	5.0
2014-02-06	CVE-2013-7319	Cross-Site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field. network wpdownloadmanager CWE-79	4.3