Download Manager — Vulnerabilities & Security Advisories 50

All 50 CVE vulnerabilities found in Download Manager, with AI-generated Chinese analysis, references, and POCs.

Vendor: W3 Eden, Inc.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4057 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal | CWE-862 | 4.3 | Medium | 2026-04-10 |
| CVE-2026-5357 | Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | CWE-79 | 6.4 | Medium | 2026-04-09 |
| CVE-2026-39676 | WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability | CWE-862 | 9.1 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-39615 | WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-2571 | Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter | CWE-200 | 4.3 | Medium | 2026-03-19 |
| CVE-2026-1666 | Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter | CWE-79 | 6.1 | Medium | 2026-02-18 |
| CVE-2025-15364 | Download Manager <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword | CWE-353 | 7.3 | High | 2026-01-06 |
| CVE-2025-13498 | Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure | CWE-862 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-63070 | WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability | CWE-497 | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | CWE-321 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-60093 | WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability | CWE-352 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-60092 | WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability | CWE-497 | 5.3 | Medium | 2025-09-26 |
| CVE-2025-10146 | Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter | CWE-79 | 6.1 | Medium | 2025-09-19 |
| CVE-2025-4367 | Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode | CWE-80 | 6.4 | Medium | 2025-06-19 |
| CVE-2024-8284 | Download Manager <= 3.2.98 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2025-3404 | Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion | CWE-22 | 8.8 | High | 2025-04-19 |
| CVE-2025-3056 | Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | CWE-79 | 5.4 | Medium | 2025-04-18 |
| CVE-2024-13126 | Download Manager < 3.3.07 - Unauthenticated Data Exposure | | 7.5 | - | 2025-03-16 |
| CVE-2025-1785 | Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite | CWE-22 | 5.4 | Medium | 2025-03-13 |
| CVE-2024-56217 | WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability | CWE-862 | 4.3 | Medium | 2024-12-31 |
| CVE-2024-10706 | Download Manager < 3.3.03 - Admin+ Stored XSS | | 4.8 | - | 2024-12-20 |
| CVE-2024-11768 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | CWE-285 | 5.3 | Medium | 2024-12-19 |
| CVE-2024-11740 | Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution | CWE-94 | 7.3 | High | 2024-12-19 |
| CVE-2024-8444 | Download Manager < 3.3.00 - Contributor+ Stored XSS | | 6.1 (AI) | Medium (AI) | 2024-10-30 |
| CVE-2024-6208 | Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2024-07-31 |
| CVE-2024-2098 | Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary | CWE-289 | 7.5 | High | 2024-06-13 |
| CVE-2024-1766 | Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2024-06-12 |
| CVE-2024-5266 | Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes | CWE-79 | 6.4 | Medium | 2024-06-12 |
| CVE-2024-4001 | Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode | CWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2024-4160 | Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode | CWE-79 | 6.4 | Medium | 2024-05-31 |