| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4057 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal | codename065 | Download Manager | Medium | 4.3 | 2026-04-10 01:24:59 | Deep Dive |
| CVE-2026-5357 | Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | codename065 | Download Manager | Medium | 6.4 | 2026-04-09 02:25:06 | Deep Dive |
| CVE-2026-39676 | WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability | Shahjada | Download Manager | - | - | 2026-04-08 08:30:40 | Deep Dive |
| CVE-2026-39615 | WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability | Shahjada | Download Manager | - | - | 2026-04-08 08:30:25 | Deep Dive |
| CVE-2026-2571 | Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter | codename065 | Download Manager | Medium | 4.3 | 2026-03-19 06:46:15 | Deep Dive |
| CVE-2019-25478 | GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS | Getgosoft | GetGo Download Manager | High | 7.5 | 2026-03-11 18:23:19 | Deep Dive |
| CVE-2026-24956 | WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerability | Shahjada | Download Manager Addons for Elementor | - | - | 2026-02-20 15:47:09 | Deep Dive |
| CVE-2026-1666 | Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter | codename065 | Download Manager | Medium | 6.1 | 2026-02-18 06:42:41 | Deep Dive |
| CVE-2025-15364 | Download Manager <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword | codename065 | Download Manager | High | 7.3 | 2026-01-06 01:50:13 | Deep Dive |
| CVE-2025-13498 | Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure | codename065 | Download Manager | Medium | 4.3 | 2025-12-18 07:20:46 | Deep Dive |
| CVE-2025-63070 | WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability | Shahjada | Download Manager | - | - | 2025-12-09 14:52:36 | Deep Dive |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | codename065 | Download Manager | Medium | 5.3 | 2025-11-08 03:27:46 | Deep Dive |
| CVE-2025-60093 | WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability | Shahjada | Download Manager | Medium | 4.3 | 2025-09-26 08:31:17 | Deep Dive |
| CVE-2025-60092 | WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability | Shahjada | Download Manager | Medium | 5.3 | 2025-09-26 08:31:16 | Deep Dive |
| CVE-2025-10146 | Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter | codename065 | Download Manager | Medium | 6.1 | 2025-09-19 04:27:04 | Deep Dive |
| CVE-2025-4367 | Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode | codename065 | Download Manager | Medium | 6.4 | 2025-06-19 03:40:13 | Deep Dive |
| CVE-2024-8284 | Download Manager <= 3.2.98 - Admin+ Stored XSS | Unknown | Download Manager | - | - | 2025-05-15 20:07:15 | Deep Dive |
| CVE-2025-3851 | Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure | themesgrove | Download Manager and Payment Form WordPress Plugin – WP SmartPay | Medium | 4.3 | 2025-05-07 01:43:07 | Deep Dive |
| CVE-2025-3404 | Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion | codename065 | Download Manager | High | 8.8 | 2025-04-19 07:23:40 | Deep Dive |
| CVE-2025-3056 | Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | codename065 | Download Manager | Medium | 5.4 | 2025-04-18 08:21:37 | Deep Dive |