Search criteria
42 vulnerabilities found for Download Manager by codename065
CVE-2025-13498 (GCVE-0-2025-13498)
Vulnerability from nvd – Published: 2025-12-18 07:20 – Updated: 2025-12-18 15:33
VLAI?
Title
Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve passwords and access control settings for protected media attachments, which can then be used to bypass the intended media protection and download restricted files.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.32
(semver)
|
Credits
M Indra Purnama
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:26:47.026076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:33:29.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.32",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve passwords and access control settings for protected media attachments, which can then be used to bypass the intended media protection and download restricted files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T07:20:46.463Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2cdd50d-6290-4cef-a72c-2e9d680d4f1f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.32/src/MediaLibrary/MediaAccessControl.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.32/src/MediaLibrary/MediaAccessControl.php#L275"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.32/src/MediaLibrary/MediaAccessControl.php#L299"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3413804/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-01T19:03:32.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-17T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13498",
"datePublished": "2025-12-18T07:20:46.463Z",
"dateReserved": "2025-11-21T01:04:54.935Z",
"dateUpdated": "2025-12-18T15:33:29.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12177 (GCVE-0-2025-12177)
Vulnerability from nvd – Published: 2025-11-08 03:27 – Updated: 2025-11-10 20:09
VLAI?
Title
Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cache.
Severity ?
5.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.30
(semver)
|
Credits
Jack Pas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T20:03:13.844824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T20:09:53.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.30",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Pas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T03:27:45.992Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17d5253c-5000-40c7-a7fd-f75d4badfb5e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3390068%40download-manager\u0026new=3390068%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T16:12:41.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12177",
"datePublished": "2025-11-08T03:27:45.992Z",
"dateReserved": "2025-10-24T15:57:21.778Z",
"dateUpdated": "2025-11-10T20:09:53.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10146 (GCVE-0-2025-10146)
Vulnerability from nvd – Published: 2025-09-19 04:27 – Updated: 2025-09-19 12:01
VLAI?
Title
Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter
Summary
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.23
(semver)
|
Credits
Dale Mavers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T12:00:05.442935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T12:01:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.23",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dale Mavers"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_ids\u2019 parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T04:27:04.280Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1adb414-8945-4e11-8770-dab3285d608e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.23/src/Admin/views/stats/history.php#L225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-04T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-09-08T22:51:21.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-18T16:25:25.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10146",
"datePublished": "2025-09-19T04:27:04.280Z",
"dateReserved": "2025-09-08T22:36:06.157Z",
"dateUpdated": "2025-09-19T12:01:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4367 (GCVE-0-2025-4367)
Vulnerability from nvd – Published: 2025-06-19 03:40 – Updated: 2025-06-20 13:12
VLAI?
Title
Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.18
(semver)
|
Credits
Brian Sans-Souci
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:38:24.397807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:10.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.18",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:40:13.166Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/profile.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/wpdm-functions.php#L200"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3313608%40download-manager\u0026old=3308801%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-06-16T19:43:11.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-06-18T15:05:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4367",
"datePublished": "2025-06-19T03:40:13.166Z",
"dateReserved": "2025-05-05T18:08:42.449Z",
"dateUpdated": "2025-06-20T13:12:10.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3404 (GCVE-0-2025-3404)
Vulnerability from nvd – Published: 2025-04-19 07:23 – Updated: 2025-04-21 14:11
VLAI?
Title
Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
Summary
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.12
(semver)
|
Credits
Brian Sans-Souci
Audrey François
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:11:07.637024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:11:45.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
},
{
"lang": "en",
"type": "finder",
"value": "Audrey Fran\u00e7ois"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T07:23:39.977Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-31T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-04-18T18:52:05.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3404",
"datePublished": "2025-04-19T07:23:39.977Z",
"dateReserved": "2025-04-07T10:27:00.760Z",
"dateUpdated": "2025-04-21T14:11:45.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3056 (GCVE-0-2025-3056)
Vulnerability from nvd – Published: 2025-04-18 08:21 – Updated: 2025-04-18 12:00
VLAI?
Title
Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.12
(semver)
|
Credits
Siavash Vaez Afshar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:37:22.730415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:22.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siavash Vaez Afshar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T08:21:37.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9e6ba7-f107-4d7c-a7da-35e603f3a1a8?source=cve"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3275196/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-17T19:29:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3056",
"datePublished": "2025-04-18T08:21:37.036Z",
"dateReserved": "2025-03-31T20:51:31.221Z",
"dateUpdated": "2025-04-18T12:00:22.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1785 (GCVE-0-2025-1785)
Vulnerability from nvd – Published: 2025-03-13 07:31 – Updated: 2025-03-13 20:13
VLAI?
Title
Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite
Summary
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
Severity ?
5.4 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.08
(semver)
|
Credits
zhuxuan wu
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T20:12:52.787359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T20:13:02.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.08",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zhuxuan wu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the \u0027wpdm_newfile\u0027 action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T07:31:39.039Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3252990%40download-manager\u0026new=3252990%40download-manager\u0026sfp_email=\u0026sfph_mail=#file4"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1785",
"datePublished": "2025-03-13T07:31:39.039Z",
"dateReserved": "2025-02-28T16:12:41.242Z",
"dateUpdated": "2025-03-13T20:13:02.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11768 (GCVE-0-2024-11768)
Vulnerability from nvd – Published: 2024-12-19 05:24 – Updated: 2024-12-19 16:38
VLAI?
Title
Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
Severity ?
5.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.03
(semver)
|
Credits
Emiliano Versini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:22.940689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emiliano Versini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:56.535Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-02T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download manager \u003c= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11768",
"datePublished": "2024-12-19T05:24:56.535Z",
"dateReserved": "2024-11-26T15:16:24.789Z",
"dateUpdated": "2024-12-19T16:38:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11740 (GCVE-0-2024-11740)
Vulnerability from nvd – Published: 2024-12-19 05:24 – Updated: 2024-12-19 16:38
VLAI?
Title
Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution
Summary
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity ?
7.3 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.03
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:25.581814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:30.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:55.981Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-19T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11740",
"datePublished": "2024-12-19T05:24:55.981Z",
"dateReserved": "2024-11-26T12:37:35.772Z",
"dateUpdated": "2024-12-19T16:38:30.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6208 (GCVE-0-2024-6208)
Vulnerability from nvd – Published: 2024-07-31 12:43 – Updated: 2024-07-31 16:33
VLAI?
Title
Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.97
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:32:55.052771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:33:02.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.97",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_all_packages\u0027 shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the \u0027cols\u0027 parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T12:43:17.135Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L302"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L10"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3126662/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6208",
"datePublished": "2024-07-31T12:43:17.135Z",
"dateReserved": "2024-06-20T16:09:52.285Z",
"dateUpdated": "2024-07-31T16:33:02.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2098 (GCVE-0-2024-2098)
Vulnerability from nvd – Published: 2024-06-13 05:34 – Updated: 2024-08-01 19:03
VLAI?
Title
Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.89
(semver)
|
Credits
Moritz Öhrlein
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:53:39.905967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:53:50.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.89",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Moritz \u00d6hrlein"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the \u0027protectMediaLibrary\u0027 function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-289 Authentication Bypass by Alternate Name",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T05:34:44.893Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.89 - Improper Authorization via protectMediaLibrary"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2098",
"datePublished": "2024-06-13T05:34:44.893Z",
"dateReserved": "2024-03-01T15:59:07.828Z",
"dateUpdated": "2024-08-01T19:03:38.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1766 (GCVE-0-2024-1766)
Vulnerability from nvd – Published: 2024-06-12 11:05 – Updated: 2024-08-01 18:48
VLAI?
Title
Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
Severity ?
4.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.86
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:w3eden:download_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "download_manager",
"vendor": "w3eden",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:16:34.555528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:20:14.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user\u0027s Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T11:05:08.210Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1766",
"datePublished": "2024-06-12T11:05:08.210Z",
"dateReserved": "2024-02-22T16:31:27.978Z",
"dateUpdated": "2024-08-01T18:48:21.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5266 (GCVE-0-2024-5266)
Vulnerability from nvd – Published: 2024-06-12 08:33 – Updated: 2024-08-01 21:11
VLAI?
Title
Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes
Summary
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.92
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:10:42.625142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:10:53.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.92",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T08:33:18.925Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-11T19:58:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5266",
"datePublished": "2024-06-12T08:33:18.925Z",
"dateReserved": "2024-05-23T12:32:56.390Z",
"dateUpdated": "2024-08-01T21:11:12.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4001 (GCVE-0-2024-4001)
Vulnerability from nvd – Published: 2024-06-05 11:01 – Updated: 2024-08-01 20:26
VLAI?
Title
Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.93
(semver)
|
Credits
Thanh Nam Tran
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T14:45:47.635285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:45:54.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.93",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_modal_login_form\u0027 shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T11:01:58.831Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4001",
"datePublished": "2024-06-05T11:01:58.831Z",
"dateReserved": "2024-04-19T15:11:28.420Z",
"dateUpdated": "2024-08-01T20:26:57.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4160 (GCVE-0-2024-4160)
Vulnerability from nvd – Published: 2024-05-31 09:31 – Updated: 2024-08-01 20:33
VLAI?
Title
Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.90
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T13:51:09.688746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:41.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.90",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm-all-packages\u0027 shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T09:31:39.856Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T20:30:54.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4160",
"datePublished": "2024-05-31T09:31:39.856Z",
"dateReserved": "2024-04-25T01:20:56.931Z",
"dateUpdated": "2024-08-01T20:33:52.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13498 (GCVE-0-2025-13498)
Vulnerability from cvelistv5 – Published: 2025-12-18 07:20 – Updated: 2025-12-18 15:33
VLAI?
Title
Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve passwords and access control settings for protected media attachments, which can then be used to bypass the intended media protection and download restricted files.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.32
(semver)
|
Credits
M Indra Purnama
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:26:47.026076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:33:29.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.32",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve passwords and access control settings for protected media attachments, which can then be used to bypass the intended media protection and download restricted files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T07:20:46.463Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2cdd50d-6290-4cef-a72c-2e9d680d4f1f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.32/src/MediaLibrary/MediaAccessControl.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.32/src/MediaLibrary/MediaAccessControl.php#L275"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.32/src/MediaLibrary/MediaAccessControl.php#L299"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3413804/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-01T19:03:32.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-17T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13498",
"datePublished": "2025-12-18T07:20:46.463Z",
"dateReserved": "2025-11-21T01:04:54.935Z",
"dateUpdated": "2025-12-18T15:33:29.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12177 (GCVE-0-2025-12177)
Vulnerability from cvelistv5 – Published: 2025-11-08 03:27 – Updated: 2025-11-10 20:09
VLAI?
Title
Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cache.
Severity ?
5.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.30
(semver)
|
Credits
Jack Pas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T20:03:13.844824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T20:09:53.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.30",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Pas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T03:27:45.992Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17d5253c-5000-40c7-a7fd-f75d4badfb5e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3390068%40download-manager\u0026new=3390068%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T16:12:41.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12177",
"datePublished": "2025-11-08T03:27:45.992Z",
"dateReserved": "2025-10-24T15:57:21.778Z",
"dateUpdated": "2025-11-10T20:09:53.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10146 (GCVE-0-2025-10146)
Vulnerability from cvelistv5 – Published: 2025-09-19 04:27 – Updated: 2025-09-19 12:01
VLAI?
Title
Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter
Summary
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.23
(semver)
|
Credits
Dale Mavers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T12:00:05.442935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T12:01:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.23",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dale Mavers"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_ids\u2019 parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T04:27:04.280Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1adb414-8945-4e11-8770-dab3285d608e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.23/src/Admin/views/stats/history.php#L225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-04T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-09-08T22:51:21.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-18T16:25:25.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10146",
"datePublished": "2025-09-19T04:27:04.280Z",
"dateReserved": "2025-09-08T22:36:06.157Z",
"dateUpdated": "2025-09-19T12:01:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4367 (GCVE-0-2025-4367)
Vulnerability from cvelistv5 – Published: 2025-06-19 03:40 – Updated: 2025-06-20 13:12
VLAI?
Title
Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.18
(semver)
|
Credits
Brian Sans-Souci
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:38:24.397807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:10.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.18",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:40:13.166Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/profile.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/wpdm-functions.php#L200"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3313608%40download-manager\u0026old=3308801%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-06-16T19:43:11.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-06-18T15:05:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4367",
"datePublished": "2025-06-19T03:40:13.166Z",
"dateReserved": "2025-05-05T18:08:42.449Z",
"dateUpdated": "2025-06-20T13:12:10.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3404 (GCVE-0-2025-3404)
Vulnerability from cvelistv5 – Published: 2025-04-19 07:23 – Updated: 2025-04-21 14:11
VLAI?
Title
Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
Summary
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.12
(semver)
|
Credits
Brian Sans-Souci
Audrey François
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:11:07.637024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:11:45.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
},
{
"lang": "en",
"type": "finder",
"value": "Audrey Fran\u00e7ois"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T07:23:39.977Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-31T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-04-18T18:52:05.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3404",
"datePublished": "2025-04-19T07:23:39.977Z",
"dateReserved": "2025-04-07T10:27:00.760Z",
"dateUpdated": "2025-04-21T14:11:45.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3056 (GCVE-0-2025-3056)
Vulnerability from cvelistv5 – Published: 2025-04-18 08:21 – Updated: 2025-04-18 12:00
VLAI?
Title
Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.12
(semver)
|
Credits
Siavash Vaez Afshar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:37:22.730415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:22.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siavash Vaez Afshar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T08:21:37.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9e6ba7-f107-4d7c-a7da-35e603f3a1a8?source=cve"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3275196/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-17T19:29:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3056",
"datePublished": "2025-04-18T08:21:37.036Z",
"dateReserved": "2025-03-31T20:51:31.221Z",
"dateUpdated": "2025-04-18T12:00:22.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1785 (GCVE-0-2025-1785)
Vulnerability from cvelistv5 – Published: 2025-03-13 07:31 – Updated: 2025-03-13 20:13
VLAI?
Title
Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite
Summary
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
Severity ?
5.4 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.08
(semver)
|
Credits
zhuxuan wu
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T20:12:52.787359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T20:13:02.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.08",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zhuxuan wu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the \u0027wpdm_newfile\u0027 action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T07:31:39.039Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3252990%40download-manager\u0026new=3252990%40download-manager\u0026sfp_email=\u0026sfph_mail=#file4"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1785",
"datePublished": "2025-03-13T07:31:39.039Z",
"dateReserved": "2025-02-28T16:12:41.242Z",
"dateUpdated": "2025-03-13T20:13:02.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11768 (GCVE-0-2024-11768)
Vulnerability from cvelistv5 – Published: 2024-12-19 05:24 – Updated: 2024-12-19 16:38
VLAI?
Title
Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
Severity ?
5.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.03
(semver)
|
Credits
Emiliano Versini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:22.940689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emiliano Versini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:56.535Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-02T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download manager \u003c= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11768",
"datePublished": "2024-12-19T05:24:56.535Z",
"dateReserved": "2024-11-26T15:16:24.789Z",
"dateUpdated": "2024-12-19T16:38:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11740 (GCVE-0-2024-11740)
Vulnerability from cvelistv5 – Published: 2024-12-19 05:24 – Updated: 2024-12-19 16:38
VLAI?
Title
Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution
Summary
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity ?
7.3 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.03
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:25.581814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:30.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:55.981Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-19T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11740",
"datePublished": "2024-12-19T05:24:55.981Z",
"dateReserved": "2024-11-26T12:37:35.772Z",
"dateUpdated": "2024-12-19T16:38:30.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6208 (GCVE-0-2024-6208)
Vulnerability from cvelistv5 – Published: 2024-07-31 12:43 – Updated: 2024-07-31 16:33
VLAI?
Title
Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.97
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:32:55.052771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:33:02.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.97",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_all_packages\u0027 shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the \u0027cols\u0027 parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T12:43:17.135Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L302"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L10"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3126662/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6208",
"datePublished": "2024-07-31T12:43:17.135Z",
"dateReserved": "2024-06-20T16:09:52.285Z",
"dateUpdated": "2024-07-31T16:33:02.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2098 (GCVE-0-2024-2098)
Vulnerability from cvelistv5 – Published: 2024-06-13 05:34 – Updated: 2024-08-01 19:03
VLAI?
Title
Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.89
(semver)
|
Credits
Moritz Öhrlein
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:53:39.905967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:53:50.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.89",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Moritz \u00d6hrlein"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the \u0027protectMediaLibrary\u0027 function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-289 Authentication Bypass by Alternate Name",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T05:34:44.893Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.89 - Improper Authorization via protectMediaLibrary"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2098",
"datePublished": "2024-06-13T05:34:44.893Z",
"dateReserved": "2024-03-01T15:59:07.828Z",
"dateUpdated": "2024-08-01T19:03:38.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1766 (GCVE-0-2024-1766)
Vulnerability from cvelistv5 – Published: 2024-06-12 11:05 – Updated: 2024-08-01 18:48
VLAI?
Title
Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
Severity ?
4.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.86
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:w3eden:download_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "download_manager",
"vendor": "w3eden",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:16:34.555528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:20:14.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user\u0027s Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T11:05:08.210Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1766",
"datePublished": "2024-06-12T11:05:08.210Z",
"dateReserved": "2024-02-22T16:31:27.978Z",
"dateUpdated": "2024-08-01T18:48:21.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5266 (GCVE-0-2024-5266)
Vulnerability from cvelistv5 – Published: 2024-06-12 08:33 – Updated: 2024-08-01 21:11
VLAI?
Title
Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes
Summary
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.92
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:10:42.625142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:10:53.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.92",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T08:33:18.925Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-11T19:58:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5266",
"datePublished": "2024-06-12T08:33:18.925Z",
"dateReserved": "2024-05-23T12:32:56.390Z",
"dateUpdated": "2024-08-01T21:11:12.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4001 (GCVE-0-2024-4001)
Vulnerability from cvelistv5 – Published: 2024-06-05 11:01 – Updated: 2024-08-01 20:26
VLAI?
Title
Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.93
(semver)
|
Credits
Thanh Nam Tran
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T14:45:47.635285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:45:54.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.93",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_modal_login_form\u0027 shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T11:01:58.831Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4001",
"datePublished": "2024-06-05T11:01:58.831Z",
"dateReserved": "2024-04-19T15:11:28.420Z",
"dateUpdated": "2024-08-01T20:26:57.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4160 (GCVE-0-2024-4160)
Vulnerability from cvelistv5 – Published: 2024-05-31 09:31 – Updated: 2024-08-01 20:33
VLAI?
Title
Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.90
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T13:51:09.688746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:41.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.90",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm-all-packages\u0027 shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T09:31:39.856Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T20:30:54.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4160",
"datePublished": "2024-05-31T09:31:39.856Z",
"dateReserved": "2024-04-25T01:20:56.931Z",
"dateUpdated": "2024-08-01T20:33:52.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}