W3Eden Download Manager vulnerabilities
48 known vulnerabilities affecting w3eden/download_manager.
Total CVEs: 48
CISA KEV: 0
Public exploits: 8
Exploited in wild: 2
Severity breakdown: HIGH 16, MEDIUM 32
Vulnerabilities
Page 3 of 3
CVE-2024-8444 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.3.00 | 2024-10-30
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross site scripting.
nvd
CVE-2017-2217 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≤ 2.9.50 | 2017-07-07
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
nvd
CVE-2022-34658 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 3.2.48 | 2022-08-23
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
nvd
CVE-2025-4367 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 3.3.19 | 2025-06-19
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above,
nvd
CVE-2021-24773 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.2.16 | 2021-11-01
The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed.
nvd
CVE-2017-20093 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | v2.8.99 | 2022-06-24
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
nvd
CVE-2024-8284 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.2.99 | 2025-05-15
The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
nvd
CVE-2024-10706 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.3.03 | 2024-12-20
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd