VYPR
Vendor

PHP Download Manager

Products: 1
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)
  • CVE-2020-28964 | Medium | Oct 22, 2021
    risk 0.44 | cvss 6.7 | epss 0.00

    Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.

  • CVE-2024-2098 | High | Jun 13, 2024
    risk 0.42 | cvss 7.5 | epss 0.00

    The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download…

  • CVE-2020-37234 | Medium | May 16, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when…

  • CVE-2024-4001 | Medium | Jun 5, 2024
    risk 0.35 | cvss 6.4 | epss 0.00

    The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2005-3769 | Nov 23, 2005
    risk 0.03 | cvss - | epss 0.01

    SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2010-0995 | May 6, 2010
    risk 0.01 | cvss - | epss 0.07

    Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server.

  • CVE-2025-1785 | Mar 13, 2025
    risk 0.00 | cvss - | epss 0.01

    The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types…

  • CVE-2024-10706 | Dec 20, 2024
    risk 0.00 | cvss - | epss 0.00

    The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-8444 | Oct 30, 2024
    risk 0.00 | cvss - | epss 0.00

    The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross-site scripting.