📦 Download Manager

by W3eden

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-1809

HIGH CVSS 7.5 May 2, 2023

The Download Manager WordPress plugin before version 6.3.0 exposes master key information without authentication, allowing attackers to bypass password protection and download any password-protected f...

CVE-2022-45836

HIGH CVSS 7.1 Apr 18, 2023

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the Download Manager plugin. When users click specially crafted links, the scripts execute in...

CVE-2022-0828

HIGH CVSS 7.5 Apr 11, 2022

This vulnerability in the Download Manager WordPress plugin allows attackers to brute-force download access keys, bypassing role-based restrictions and password protections. Any WordPress site using a...

CVE-2021-25087

HIGH CVSS 7.5 Mar 7, 2022

The Download Manager WordPress plugin before version 3.2.35 has REST API endpoints without proper authorization checks, allowing unauthenticated attackers to access sensitive information. This affects...

CVE-2021-34639

HIGH CVSS 7.5 Aug 5, 2021

This vulnerability allows authenticated WordPress users with Author+ permissions to upload files with double extensions (like 'payload.php.png') that may execute as PHP code depending on server config...

CVE-2025-4367

MEDIUM CVSS 6.4 Jun 19, 2025

The Download Manager WordPress plugin has a stored XSS vulnerability in all versions up to 3.3.18. Authenticated attackers with author-level access or higher can inject malicious scripts via the wpdm_...

CVE-2025-1785

MEDIUM CVSS 5.4 Mar 13, 2025

The Download Manager plugin for WordPress has a directory traversal vulnerability that allows authenticated attackers with Author-level permissions or higher to overwrite certain file types outside in...

CVE-2024-10706

MEDIUM CVSS 4.8 Dec 20, 2024

This vulnerability allows high-privilege WordPress users (like administrators) to inject malicious scripts into plugin settings, which then execute when other users view those settings. It affects Wor...

CVE-2024-11768

MEDIUM CVSS 5.3 Dec 19, 2024

The Download Manager WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to download password-protected files without valid credentials. This affects all ...

CVE-2024-8444

MEDIUM CVSS 5.4 Oct 30, 2024

This vulnerability in the Download Manager WordPress plugin allows attackers to inject malicious scripts via unsanitized shortcode parameters. When exploited, it enables cross-site scripting attacks t...

CVE-2024-6208

MEDIUM CVSS 6.4 Jul 31, 2024

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the Download Manager plugin's 'wpdm_all_packages' shortcode...

CVE-2024-5266

MEDIUM CVSS 6.4 Jun 12, 2024

The Download Manager Pro WordPress plugin has a stored XSS vulnerability in multiple shortcodes that allows authenticated attackers with contributor access or higher to inject malicious scripts. These...

CVE-2024-4160

MEDIUM CVSS 6.4 May 31, 2024

This stored XSS vulnerability in WordPress Download Manager plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. When users vis...

CVE-2024-32131

MEDIUM CVSS 5.3 May 17, 2024

This vulnerability in the WordPress Download Manager plugin allows attackers to bypass password protection on files, exposing sensitive information to unauthorized users. It affects all WordPress site...