VYPR

Wp Downloadmanager

by Lesterchan

Source repositories

CVEs (6)

  • CVE-2024-47341HigOct 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8.

  • CVE-2026-2426MedFeb 18, 2026
    risk 0.35cvss 6.5epss 0.01

    The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal…

  • CVE-2026-2419LowFeb 18, 2026
    risk 0.11cvss 2.7epss 0.01

    The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences…

  • CVE-2022-25606Mar 25, 2022
    risk 0.00cvss epss 0.01

    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.

  • CVE-2022-25605Mar 18, 2022
    risk 0.00cvss epss 0.01

    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.

  • CVE-2013-2697Apr 19, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.