PHP Download Manager
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28964 | Med | 0.44 | 6.7 | 0.00 | Oct 22, 2021 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors. | ||
| CVE-2024-2098 | Hig | 0.42 | 7.5 | 0.00 | Jun 13, 2024 | The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download… | ||
| CVE-2020-37234 | Med | 0.40 | 6.2 | 0.00 | May 16, 2026 | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when… | ||
| CVE-2024-4001 | Med | 0.35 | 6.4 | 0.00 | Jun 5, 2024 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This… | ||
| CVE-2005-3769 | 0.03 | — | 0.01 | Nov 23, 2005 | SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2010-0995 | 0.01 | — | 0.07 | May 6, 2010 | Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server. | |||
| CVE-2025-1785 | 0.00 | — | 0.01 | Mar 13, 2025 | The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types… | |||
| CVE-2024-10706 | 0.00 | — | 0.00 | Dec 20, 2024 | The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in… | |||
| CVE-2024-8444 | 0.00 | — | 0.00 | Oct 30, 2024 | The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting. |
- risk 0.44cvss 6.7epss 0.00
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.
- risk 0.42cvss 7.5epss 0.00
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download…
- risk 0.40cvss 6.2epss 0.00
Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when…
- risk 0.35cvss 6.4epss 0.00
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This…
- CVE-2005-3769Nov 23, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
- CVE-2010-0995May 6, 2010risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server.
- CVE-2025-1785Mar 13, 2025risk 0.00cvss —epss 0.01
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types…
- CVE-2024-10706Dec 20, 2024risk 0.00cvss —epss 0.00
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
- CVE-2024-8444Oct 30, 2024risk 0.00cvss —epss 0.00
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.