Filtered by vendor W3eden
Subscriptions
Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0828 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. | ||||
| CVE-2022-1985 | 1 W3eden | 1 Download Manager | 2025-03-21 | 6.1 Medium |
| The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. | ||||
| CVE-2019-15889 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A |
| The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. | ||||
| CVE-2022-34347 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.2 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | ||||
| CVE-2022-2362 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. | ||||
| CVE-2023-2305 | 1 W3eden | 1 Download Manager | 2025-03-21 | 6.4 Medium |
| The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-36288 | 1 W3eden | 1 Download Manager | 2025-03-21 | 5.4 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | ||||
| CVE-2024-56217 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 Medium |
| Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03. | ||||
| CVE-2021-36896 | 1 W3eden | 1 Pricing Table | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | ||||
| CVE-2017-18497 | 1 W3eden | 1 Live Forms | 2024-11-21 | N/A |
| The liveforms plugin before 3.4.0 for WordPress has XSS. | ||||
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2024-11-21 | N/A |
| The liveforms plugin before 3.2.0 for WordPress has SQL injection. | ||||