Lesterchan
Products
4- 7 CVEs
- 6 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47341 | Hig | 0.46 | 7.1 | 0.00 | Oct 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8. | ||
| CVE-2026-2426 | Med | 0.35 | 6.5 | 0.01 | Feb 18, 2026 | The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal… | ||
| CVE-2026-2419 | Low | 0.11 | 2.7 | 0.01 | Feb 18, 2026 | The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences… | ||
| CVE-2024-39659 | 0.00 | — | 0.00 | Aug 1, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1. | |||
| CVE-2023-40332 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91. | |||
| CVE-2011-10006 | 0.00 | — | 0.00 | Apr 8, 2024 | A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version… | |||
| CVE-2021-25117 | 0.00 | — | 0.00 | Jan 16, 2024 | The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF… | |||
| CVE-2023-22715 | 0.00 | — | 0.00 | Mar 23, 2023 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions. | |||
| CVE-2022-40130 | 0.00 | — | 0.00 | Nov 18, 2022 | Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. | |||
| CVE-2022-36422 | 0.00 | — | 0.00 | Sep 9, 2022 | Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. | |||
| CVE-2022-25606 | 0.00 | — | 0.01 | Mar 25, 2022 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | |||
| CVE-2022-25605 | 0.00 | — | 0.01 | Mar 18, 2022 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | |||
| CVE-2013-3252 | 0.00 | — | 0.01 | Apr 10, 2014 | Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | |||
| CVE-2013-2697 | 0.00 | — | 0.01 | Apr 19, 2013 | Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||
| CVE-2011-4646 | 0.00 | — | 0.02 | Nov 30, 2011 | SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode… |
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8.
- risk 0.35cvss 6.5epss 0.01
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal…
- risk 0.11cvss 2.7epss 0.01
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences…
- CVE-2024-39659Aug 1, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1.
- CVE-2023-40332Jun 4, 2024risk 0.00cvss —epss 0.00
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
- CVE-2011-10006Apr 8, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version…
- CVE-2021-25117Jan 16, 2024risk 0.00cvss —epss 0.00
The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF…
- CVE-2023-22715Mar 23, 2023risk 0.00cvss —epss 0.00
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.
- CVE-2022-40130Nov 18, 2022risk 0.00cvss —epss 0.00
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.
- CVE-2022-36422Sep 9, 2022risk 0.00cvss —epss 0.00
Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.
- CVE-2022-25606Mar 25, 2022risk 0.00cvss —epss 0.01
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.
- CVE-2022-25605Mar 18, 2022risk 0.00cvss —epss 0.01
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.
- CVE-2013-3252Apr 10, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors.
- CVE-2013-2697Apr 19, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
- CVE-2011-4646Nov 30, 2011risk 0.00cvss —epss 0.02
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode…