cbcvebase.

Codename065 Download Manager vulnerabilities

26 known vulnerabilities affecting codename065/download_manager.

Total CVEs
26
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH6MEDIUM20

Vulnerabilities

Page 2 of 2
CVE-2025-3056P4MEDIUMCVSS 5.4≤ 3.3.122025-04-18
CVE-2025-3056 [MEDIUM] CWE-79 CVE-2025-3056: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will exe
nvd
CVE-2025-13498P4MEDIUMCVSS 4.3≤ 3.3.322025-12-18
CVE-2025-13498 [MEDIUM] CWE-862 CVE-2025-13498: The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive informat The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retriev
nvd
CVE-2025-10146P4MEDIUMCVSS 6.1≤ 3.3.232025-09-19
CVE-2025-10146 [MEDIUM] CWE-79 CVE-2025-10146: The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘u The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfu
nvd
CVE-2024-4001P4MEDIUMCVSS 5.4≤ 3.2.932024-06-05
CVE-2024-4001 [MEDIUM] CWE-79 CVE-2024-4001: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access a
nvd
CVE-2025-4367P4MEDIUMCVSS 5.4≤ 3.3.182025-06-19
CVE-2025-4367 [MEDIUM] CWE-80 CVE-2025-4367: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above,
nvd
CVE-2026-2571P4MEDIUMCVSS 4.3≤ 3.3.492026-03-19
CVE-2026-2571 [MEDIUM] CWE-200 CVE-2026-2571: The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a miss The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site
nvd
Codename065 Download Manager vulnerabilities | cvebase