WordPress Download Manager 漏洞列表
共找到 4 个与 WordPress Download Manager 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2019-15889: WordPress Download Manager <2.9.94 - Cross-Site Scripting POC
WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. -
CVE-2022-2168: WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting POC
The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the user_ids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. -
CVE-2023-6421: WordPress Download Manager - File Password Exposure POC
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. -
CVE-2024-13126: WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure POC
The WordPress Download Manager plugin before version 3.3.07 does not prevent directory listing on web servers that don't use htaccess, allowing unauthorized access to files stored in the download-manager-files directory.