Filtered by vendor W3eden Subscriptions
Filtered by product Download Manager Subscriptions

Search

Switch to Advanced Search (Beta)
Total 46 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-34638 1 W3eden 1 Download Manager 2025-03-21 6.5 Medium
Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
CVE-2022-0828 1 W3eden 1 Download Manager 2025-03-21 7.5 High
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
CVE-2022-1985 1 W3eden 1 Download Manager 2025-03-21 6.1 Medium
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
CVE-2017-18032 1 W3eden 1 Download Manager 2025-03-21 N/A
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
CVE-2022-34347 1 W3eden 1 Download Manager 2025-03-21 4.2 Medium
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2024-56217 1 W3eden 1 Download Manager 2025-03-21 4.3 Medium
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.