VYPR

Lana Downloads Manager

by WordPress

Source repositories

CVEs (3)

  • CVE-2022-2392MedAug 22, 2022
    risk 0.42cvss 6.5epss 0.01

    The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.

  • CVE-2025-7387MedJul 10, 2025
    risk 0.29cvss 5.5epss 0.00

    The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2025-2048MedApr 1, 2025
    risk 0.27cvss 4.1epss 0.00

    The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server