Codename065 Download Manager vulnerabilities

CVE-2026-4057 [MEDIUM] CWE-862 CVE-2026-4057: The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `makeMediaPublic()` and `makeMediaPrivate()` functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for `edit_posts` capability without verifying post ownership via `current_us

CVE-2026-5357 [MEDIUM] CWE-79 CVE-2026-5357: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdm_members' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute. The sid parameter is extracted without sanitization in t

CVE-2026-2571 [MEDIUM] CWE-200 CVE-2026-2571: The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a miss The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site

CVE-2026-1666 [MEDIUM] CWE-79 CVE-2026-1666: The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'r The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirect_to' GET parameter in the login form shortcode. This makes it possible for unauthenticated attackers to

CVE-2025-15364 [HIGH] CWE-353 CVE-2025-15364: The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change user's passwords, except adm

CVE-2025-13498 [MEDIUM] CWE-862 CVE-2025-13498: The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive informat The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retriev

CVE-2025-12177 [MEDIUM] CWE-321 CVE-2025-12177: The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cr The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs leading to deletion of expired posts and clearing cach

CVE-2025-10146 [MEDIUM] CWE-79 CVE-2025-10146: The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘u The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfu

CVE-2025-4367 [MEDIUM] CWE-80 CVE-2025-4367: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above,

CVE-2025-3404 [HIGH] CWE-22 CVE-2025-3404: The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remo

CVE-2025-3056 [MEDIUM] CWE-79 CVE-2025-3056: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will exe

CVE-2025-1785 [HIGH] CWE-22 CVE-2025-1785: The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.

CVE-2024-11740 [HIGH] CWE-94 CVE-2024-11740: The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcode

CVE-2024-11768 [MEDIUM] CWE-285 CVE-2024-11768: The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protect The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.

CVE-2024-6208 [MEDIUM] CWE-79 CVE-2024-6208: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above

CVE-2024-2098 [HIGH] CWE-289 CVE-2024-2098: The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an imp The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.

CVE-2024-5266 [MEDIUM] CWE-79 CVE-2024-5266: The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_ The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe

CVE-2024-1766 [MEDIUM] CWE-79 CVE-2024-1766: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that

CVE-2024-4001 [MEDIUM] CWE-79 CVE-2024-4001: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access a

CVE-2024-4160 [MEDIUM] CWE-79 CVE-2024-4160: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and a