CVE-2014-9129 — Cross-Site Request Forgery in CM Download Manager

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 50.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cminds CM Download Manager

Timeline

PublishedDec 5

Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDcminds/cm_download_manager2.0.6

🔴Vulnerability Details

GHSA

GHSA-p437-qg7q-wh7p: Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2↗2022-05-14

▶

CVEList

CVE-2014-9129: Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2↗2014-12-05

▶