VYPR

Download Manager

by Wpdownloadmanager

Source repositories

CVEs (3)

  • CVE-2026-2426MedFeb 18, 2026
    risk 0.35cvss 6.5epss 0.01

    The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal…

  • CVE-2024-4001MedJun 5, 2024
    risk 0.35cvss 6.4epss 0.00

    The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2025-4798Jun 11, 2025
    risk 0.00cvss epss 0.00

    The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated…