Vulnerabilities > Wpdownloadmanager > Wordpress Download Manager > High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-01	CVE-2023-6421	Insufficiently Protected Credentials vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. network low complexity wpdownloadmanager CWE-522	7.5
2022-09-06	CVE-2022-2436	Deserialization of Untrusted Data vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. network low complexity wpdownloadmanager CWE-502	8.8
2022-04-11	CVE-2022-0828	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. network low complexity wpdownloadmanager CWE-338	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.