Search criteria
27 vulnerabilities by codename065
CVE-2025-12177 (GCVE-0-2025-12177)
Vulnerability from cvelistv5 – Published: 2025-11-08 03:27 – Updated: 2025-11-10 20:09
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cache.
Severity ?
5.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.30
(semver)
|
Credits
Jack Pas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T20:03:13.844824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T20:09:53.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.30",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Pas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cache."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T03:27:45.992Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17d5253c-5000-40c7-a7fd-f75d4badfb5e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3390068%40download-manager\u0026new=3390068%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-24T16:12:41.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12177",
"datePublished": "2025-11-08T03:27:45.992Z",
"dateReserved": "2025-10-24T15:57:21.778Z",
"dateUpdated": "2025-11-10T20:09:53.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10146 (GCVE-0-2025-10146)
Vulnerability from cvelistv5 – Published: 2025-09-19 04:27 – Updated: 2025-09-19 12:01
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.23
(semver)
|
Credits
Dale Mavers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T12:00:05.442935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T12:01:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.23",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dale Mavers"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_ids\u2019 parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T04:27:04.280Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1adb414-8945-4e11-8770-dab3285d608e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.23/src/Admin/views/stats/history.php#L225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-04T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-09-08T22:51:21.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-18T16:25:25.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10146",
"datePublished": "2025-09-19T04:27:04.280Z",
"dateReserved": "2025-09-08T22:36:06.157Z",
"dateUpdated": "2025-09-19T12:01:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4367 (GCVE-0-2025-4367)
Vulnerability from cvelistv5 – Published: 2025-06-19 03:40 – Updated: 2025-06-20 13:12
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.18
(semver)
|
Credits
Brian Sans-Souci
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:38:24.397807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:12:10.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.18",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:40:13.166Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/profile.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/wpdm-functions.php#L200"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3313608%40download-manager\u0026old=3308801%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-06-16T19:43:11.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-06-18T15:05:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4367",
"datePublished": "2025-06-19T03:40:13.166Z",
"dateReserved": "2025-05-05T18:08:42.449Z",
"dateUpdated": "2025-06-20T13:12:10.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3404 (GCVE-0-2025-3404)
Vulnerability from cvelistv5 – Published: 2025-04-19 07:23 – Updated: 2025-04-21 14:11
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.12
(semver)
|
Credits
Brian Sans-Souci
Audrey François
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:11:07.637024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:11:45.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
},
{
"lang": "en",
"type": "finder",
"value": "Audrey Fran\u00e7ois"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-19T07:23:39.977Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L45"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.12/src/Admin/Menu/Packages.php#L56"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-31T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-04-18T18:52:05.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3404",
"datePublished": "2025-04-19T07:23:39.977Z",
"dateReserved": "2025-04-07T10:27:00.760Z",
"dateUpdated": "2025-04-21T14:11:45.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3056 (GCVE-0-2025-3056)
Vulnerability from cvelistv5 – Published: 2025-04-18 08:21 – Updated: 2025-04-18 12:00
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.12
(semver)
|
Credits
Siavash Vaez Afshar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:37:22.730415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:22.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siavash Vaez Afshar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T08:21:37.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9e6ba7-f107-4d7c-a7da-35e603f3a1a8?source=cve"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3275196/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-17T19:29:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3056",
"datePublished": "2025-04-18T08:21:37.036Z",
"dateReserved": "2025-03-31T20:51:31.221Z",
"dateUpdated": "2025-04-18T12:00:22.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1785 (GCVE-0-2025-1785)
Vulnerability from cvelistv5 – Published: 2025-03-13 07:31 – Updated: 2025-03-13 20:13
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
Severity ?
5.4 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.08
(semver)
|
Credits
zhuxuan wu
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T20:12:52.787359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T20:13:02.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.08",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zhuxuan wu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the \u0027wpdm_newfile\u0027 action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T07:31:39.039Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3252990%40download-manager\u0026new=3252990%40download-manager\u0026sfp_email=\u0026sfph_mail=#file4"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1785",
"datePublished": "2025-03-13T07:31:39.039Z",
"dateReserved": "2025-02-28T16:12:41.242Z",
"dateUpdated": "2025-03-13T20:13:02.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11768 (GCVE-0-2024-11768)
Vulnerability from cvelistv5 – Published: 2024-12-19 05:24 – Updated: 2024-12-19 16:38
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
Severity ?
5.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.03
(semver)
|
Credits
Emiliano Versini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:22.940689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emiliano Versini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:56.535Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-02T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download manager \u003c= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11768",
"datePublished": "2024-12-19T05:24:56.535Z",
"dateReserved": "2024-11-26T15:16:24.789Z",
"dateUpdated": "2024-12-19T16:38:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11740 (GCVE-0-2024-11740)
Vulnerability from cvelistv5 – Published: 2024-12-19 05:24 – Updated: 2024-12-19 16:38
VLAI?
Summary
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity ?
7.3 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.3.03
(semver)
|
Credits
Michael Mazzolini
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T16:34:25.581814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T16:38:30.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.3.03",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T05:24:55.981Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-19T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-12-18T16:22:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11740",
"datePublished": "2024-12-19T05:24:55.981Z",
"dateReserved": "2024-11-26T12:37:35.772Z",
"dateUpdated": "2024-12-19T16:38:30.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11225 (GCVE-0-2024-11225)
Vulnerability from cvelistv5 – Published: 2024-11-22 05:33 – Updated: 2024-11-22 11:34
VLAI?
Summary
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Premium Packages – Sell Digital Products Securely |
Affected:
* , ≤ 5.9.3
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T11:28:50.961737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T11:34:08.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premium Packages \u2013 Sell Digital Products Securely",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "5.9.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T05:33:42.053Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e847fd-0932-4d65-a201-b86e39a33588?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L584"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L420"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L422"
},
{
"url": "https://wordpress.org/plugins/wpdm-premium-packages/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-21T17:16:14.000+00:00",
"value": "Disclosed"
}
],
"title": "Premium Packages \u2013 Sell Digital Products Securely \u003c= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11225",
"datePublished": "2024-11-22T05:33:42.053Z",
"dateReserved": "2024-11-14T20:45:14.062Z",
"dateUpdated": "2024-11-22T11:34:08.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10164 (GCVE-0-2024-10164)
Vulnerability from cvelistv5 – Published: 2024-11-21 02:06 – Updated: 2024-11-21 11:40
VLAI?
Summary
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Premium Packages – Sell Digital Products Securely |
Affected:
* , ≤ 5.9.3
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T11:31:55.942620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T11:40:10.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premium Packages \u2013 Sell Digital Products Securely",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "5.9.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T02:06:21.099Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1758fc-5b0b-4071-b31b-1d72e34cc924?source=cve"
},
{
"url": "https://wordpress.org/plugins/wpdm-premium-packages/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T13:54:25.000+00:00",
"value": "Disclosed"
}
],
"title": "Premium Packages - Sell Digital Products Securely \u003c= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10164",
"datePublished": "2024-11-21T02:06:21.099Z",
"dateReserved": "2024-10-18T19:37:59.773Z",
"dateUpdated": "2024-11-21T11:40:10.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7386 (GCVE-0-2024-7386)
Vulnerability from cvelistv5 – Published: 2024-09-25 02:04 – Updated: 2024-09-25 16:16
VLAI?
Summary
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Premium Packages – Sell Digital Products Securely |
Affected:
* , ≤ 5.9.1
(semver)
|
Credits
Jonas Benjamin Friedli
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:19:18.552427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:32:29.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premium Packages \u2013 Sell Digital Products Securely",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "5.9.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:16:08.153Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a714536-c6fd-495b-b774-104657329a74?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3156970%40wpdm-premium-packages\u0026new=3156970%40wpdm-premium-packages\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-24T12:16:17.000+00:00",
"value": "Disclosed"
}
],
"title": "Premium Packages \u2013 Sell Digital Products Securely \u003c= 5.9.1 - Cross-Site Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7386",
"datePublished": "2024-09-25T02:04:58.768Z",
"dateReserved": "2024-08-01T14:59:33.917Z",
"dateUpdated": "2024-09-25T16:16:08.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7486 (GCVE-0-2024-7486)
Vulnerability from cvelistv5 – Published: 2024-08-08 01:50 – Updated: 2024-08-08 14:00
VLAI?
Summary
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | MultiPurpose |
Affected:
* , ≤ 1.2.0
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:buywptemplates:multipurpose:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "multipurpose",
"vendor": "buywptemplates",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:57:28.508909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:00:17.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MultiPurpose",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "1.2.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the \u0027wpeden_post_meta\u0027 post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:34.257Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e029bc15-8128-42d1-8874-b0689312cb35?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/browser/multipurpose/1.2.0/functions.php#L134"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-07T13:13:10.000+00:00",
"value": "Disclosed"
}
],
"title": "MultiPurpose \u003c= 1.2.0 - Authenticated (Contributor+) PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7486",
"datePublished": "2024-08-08T01:50:34.257Z",
"dateReserved": "2024-08-05T12:45:19.110Z",
"dateUpdated": "2024-08-08T14:00:17.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7560 (GCVE-0-2024-7560)
Vulnerability from cvelistv5 – Published: 2024-08-08 01:50 – Updated: 2024-08-08 14:29
VLAI?
Summary
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | News Flash |
Affected:
* , ≤ 1.1.0
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codename065:newsflash:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "newsflash",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:10:53.748536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:29:16.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "News Flash",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:33.721Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5631826-6975-41e9-a896-f2aa0581334f?source=cve"
},
{
"url": "https://themes.trac.wordpress.org/browser/news-flash/1.1.0/page.php#L8"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-07T13:00:55.000+00:00",
"value": "Disclosed"
}
],
"title": "News Flash \u003c= 1.1.0 - Authenticated (Editor+) PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7560",
"datePublished": "2024-08-08T01:50:33.721Z",
"dateReserved": "2024-08-06T14:42:47.109Z",
"dateUpdated": "2024-08-08T14:29:16.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6208 (GCVE-0-2024-6208)
Vulnerability from cvelistv5 – Published: 2024-07-31 12:43 – Updated: 2024-07-31 16:33
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.97
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:32:55.052771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:33:02.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.97",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_all_packages\u0027 shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the \u0027cols\u0027 parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T12:43:17.135Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L302"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=3097323#L10"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3126662/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6208",
"datePublished": "2024-07-31T12:43:17.135Z",
"dateReserved": "2024-06-20T16:09:52.285Z",
"dateUpdated": "2024-07-31T16:33:02.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2098 (GCVE-0-2024-2098)
Vulnerability from cvelistv5 – Published: 2024-06-13 05:34 – Updated: 2024-08-01 19:03
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.89
(semver)
|
Credits
Moritz Öhrlein
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:53:39.905967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:53:50.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.89",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Moritz \u00d6hrlein"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the \u0027protectMediaLibrary\u0027 function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-289 Authentication Bypass by Alternate Name",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T05:34:44.893Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3072712/download-manager"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.89 - Improper Authorization via protectMediaLibrary"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2098",
"datePublished": "2024-06-13T05:34:44.893Z",
"dateReserved": "2024-03-01T15:59:07.828Z",
"dateUpdated": "2024-08-01T19:03:38.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1766 (GCVE-0-2024-1766)
Vulnerability from cvelistv5 – Published: 2024-06-12 11:05 – Updated: 2024-08-01 18:48
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
Severity ?
4.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.86
(semver)
|
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:w3eden:download_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "download_manager",
"vendor": "w3eden",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:16:34.555528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:20:14.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.86",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user\u0027s Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T11:05:08.210Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/edit-profile.php#L16"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-11T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1766",
"datePublished": "2024-06-12T11:05:08.210Z",
"dateReserved": "2024-02-22T16:31:27.978Z",
"dateUpdated": "2024-08-01T18:48:21.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5266 (GCVE-0-2024-5266)
Vulnerability from cvelistv5 – Published: 2024-06-12 08:33 – Updated: 2024-08-01 21:11
VLAI?
Summary
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.92
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:10:42.625142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:10:53.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.92",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T08:33:18.925Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L216"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/wpdm-functions.php?rev=3052986#L261"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/views/dashboard/profile.php?rev=2558306#L79"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L32"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/User/Dashboard.php?rev=2799791#L71"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/views/link-templates/link-template-bsthumnail.php?rev=2558306#L5"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L63"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L255"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L337"
},
{
"url": "https://plugins.trac.wordpress.org/log/download-manager/trunk/src/Package/Shortcodes.php?rev=3052986#L315"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_user_dashboard-user-dashboard-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_package-single-package-embed-short-code/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_search_result-shows-search-form/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_tag-query-all-downloads-from-specified-tags/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096450/#file24"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-11T19:58:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5266",
"datePublished": "2024-06-12T08:33:18.925Z",
"dateReserved": "2024-05-23T12:32:56.390Z",
"dateUpdated": "2024-08-01T21:11:12.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4001 (GCVE-0-2024-4001)
Vulnerability from cvelistv5 – Published: 2024-06-05 11:01 – Updated: 2024-08-01 20:26
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.93
(semver)
|
Credits
Thanh Nam Tran
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T14:45:47.635285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:45:54.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.93",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm_modal_login_form\u0027 shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T11:01:58.831Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3096459/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4001",
"datePublished": "2024-06-05T11:01:58.831Z",
"dateReserved": "2024-04-19T15:11:28.420Z",
"dateUpdated": "2024-08-01T20:26:57.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4160 (GCVE-0-2024-4160)
Vulnerability from cvelistv5 – Published: 2024-05-31 09:31 – Updated: 2024-08-01 20:33
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.90
(semver)
|
Credits
Jack Taylor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T13:51:09.688746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:41.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.90",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpdm-all-packages\u0027 shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T09:31:39.856Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51258a-e228-412f-9d97-28ab679136d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Package/views/all-packages-shortcode.php?rev=2996137#L202"
},
{
"url": "https://wordpress.org/plugins/download-manager/"
},
{
"url": "https://www.wpdownloadmanager.com/doc/short-codes/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page/"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3080781/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T20:30:54.000+00:00",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4160",
"datePublished": "2024-05-31T09:31:39.856Z",
"dateReserved": "2024-04-25T01:20:56.931Z",
"dateUpdated": "2024-08-01T20:33:52.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33938 (GCVE-0-2024-33938)
Vulnerability from cvelistv5 – Published: 2024-05-02 11:16 – Updated: 2024-08-02 02:42
VLAI?
Summary
Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Sliding Widgets |
Affected:
n/a , ≤ 1.5.0
(custom)
|
Credits
Dimas Maulana (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:08:57.533582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:54.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/sliding-widgets/wordpress-sliding-widgets-plugin-1-5-0-broken-access-control-to-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "sliding-widgets",
"product": "Sliding Widgets",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dimas Maulana (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Sliding Widgets: from n/a through 1.5.0.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T11:16:20.912Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/sliding-widgets/wordpress-sliding-widgets-plugin-1-5-0-broken-access-control-to-xss-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Sliding Widgets plugin \u003c= 1.5.0 - Broken Access Control to XSS vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33938",
"datePublished": "2024-05-02T11:16:20.912Z",
"dateReserved": "2024-04-29T08:10:25.154Z",
"dateUpdated": "2024-08-02T02:42:59.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6785 (GCVE-0-2023-6785)
Vulnerability from cvelistv5 – Published: 2024-03-13 15:26 – Updated: 2024-08-02 08:42
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.84
(semver)
|
Credits
wesley
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T17:33:50.113153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:17.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3038209%40download-manager%2Ftrunk\u0026old=3022104%40download-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.84",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T15:26:58.832Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3038209%40download-manager%2Ftrunk\u0026old=3022104%40download-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6785",
"datePublished": "2024-03-13T15:26:58.832Z",
"dateReserved": "2023-12-13T15:52:15.178Z",
"dateUpdated": "2024-08-02T08:42:07.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6954 (GCVE-0-2023-6954)
Vulnerability from cvelistv5 – Published: 2024-03-13 15:26 – Updated: 2024-08-02 08:42
VLAI?
Summary
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.85
(semver)
|
Credits
Richard Telleng
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T18:46:07.223029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:15.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.85",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Richard Telleng"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T15:26:51.116Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6954",
"datePublished": "2024-03-13T15:26:51.116Z",
"dateReserved": "2023-12-19T16:16:42.286Z",
"dateUpdated": "2024-08-02T08:42:08.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4293 (GCVE-0-2023-4293)
Vulnerability from cvelistv5 – Published: 2023-08-12 07:42 – Updated: 2025-02-05 19:36
VLAI?
Summary
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.
Severity ?
8.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Premium Packages – Sell Digital Products Securely |
Affected:
* , ≤ 5.7.4
(semver)
|
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82137302-60ca-44d5-b087-dc96e2815fca?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.7.4/wpdm-premium-packages.php#L1158"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2951917/wpdm-premium-packages#file5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:35:32.811535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:36:11.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premium Packages \u2013 Sell Digital Products Securely",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "5.7.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the \u0027wpdmpp_update_profile\u0027 function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the \u0027profile[role]\u0027 parameter during a profile update."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Improper Privilege Management",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-12T07:42:51.694Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82137302-60ca-44d5-b087-dc96e2815fca?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.7.4/wpdm-premium-packages.php#L1158"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2951917/wpdm-premium-packages#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-10T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-10T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-08-11T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4293",
"datePublished": "2023-08-12T07:42:51.694Z",
"dateReserved": "2023-08-10T12:51:45.345Z",
"dateUpdated": "2025-02-05T19:36:11.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2305 (GCVE-0-2023-2305)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2024-12-20 23:38
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.70
(semver)
|
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2906403%40download-manager\u0026new=2906403%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:24:47.222601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:38:38.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.70",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027wpdm_members\u0027, \u0027wpdm_login_form\u0027, \u0027wpdm_reg_form\u0027 shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T05:33:25.665Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2906403%40download-manager\u0026new=2906403%40download-manager\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-25T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-04-25T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-05-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2305",
"datePublished": "2023-06-09T05:33:25.665Z",
"dateReserved": "2023-04-26T13:52:44.616Z",
"dateUpdated": "2024-12-20T23:38:38.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2436 (GCVE-0-2022-2436)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-05-05 16:19
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Severity ?
8.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.49
(semver)
|
Credits
Rasoul Jahanshahi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php\u0026new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:14.522322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:19:22.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.49",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027file[package_dir]\u0027 parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T15:06:08.142Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php\u0026new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-17T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2436",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:19:22.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2101 (GCVE-0-2022-2101)
Vulnerability from cvelistv5 – Published: 2022-07-18 16:13 – Updated: 2024-08-03 00:24
VLAI?
Summary
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file's page that will execute whenever an administrator accesses the editor area for the injected file page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.46
(semver)
|
Credits
Andrea Bocchetti
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b399929a-db33-419f-9218-b86ee88a9f1a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167573/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40andreabocchetti88/download-manager-3-2-43-contributor-cross-site-scripting-fa4970fba45c"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2750339%40download-manager\u0026new=2750339%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.46",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Bocchetti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file\u0027s page that will execute whenever an administrator accesses the editor area for the injected file page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:52.585Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b399929a-db33-419f-9218-b86ee88a9f1a?source=cve"
},
{
"url": "https://packetstormsecurity.com/files/167573/"
},
{
"url": "https://medium.com/%40andreabocchetti88/download-manager-3-2-43-contributor-cross-site-scripting-fa4970fba45c"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2750339%40download-manager\u0026new=2750339%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2101"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-21T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2101",
"datePublished": "2022-07-18T16:13:21",
"dateReserved": "2022-06-16T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1985 (GCVE-0-2022-1985)
Vulnerability from cvelistv5 – Published: 2022-06-13 12:44 – Updated: 2024-08-03 00:24
VLAI?
Summary
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
Severity ?
6.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
* , ≤ 3.2.42
(semver)
|
Credits
Rafie Muhammad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2736071%40download-manager\u0026new=2736071%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1985"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.42",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the \u0027frameid\u0027 parameter found in the ~/src/Package/views/shortcode-iframe.php file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:40.216Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=cve"
},
{
"url": "https://wordpress.org/plugins/download-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2736071%40download-manager\u0026new=2736071%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1985"
},
{
"url": "https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-31T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-06-02T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1985",
"datePublished": "2022-06-13T12:44:35",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}