Wp-downloadmanager_project Wp-downloadmanager
6 CVEs affecting Wp-downloadmanager_project Wp-downloadmanager. Latest disclosed: 2025-06-11. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-4799 | High | 7.2 | 2025-06-11 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in… |
CVE-2020-24141 | Medium | 5.3 | 2021-07-07 | Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerab… |
CVE-2025-4798 | Medium | 4.9 | 2025-06-11 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restri… |
CVE-2022-25606 | Medium | 4.8 | 2022-03-25 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable par… |
CVE-2022-25605 | Medium | 4.8 | 2022-03-18 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable pa… |
CVE-2021-44760 | Medium | 4.8 | 2022-03-18 | Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. |