Skip to main content

Cm Download Manager

7 CVEs product

Monthly

CVE-2024-1962 HIGH POC This Week

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1232 MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-1231 MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-3076 HIGH POC This Week

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Cm Download Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-27344 MEDIUM POC This Month

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Cm Download Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2014-8877 CRITICAL POC THREAT Emergency

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.1%.

RCE WordPress PHP Code Injection Cm Download Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
30.1%
Threat
4.4
CVE-2014-9129 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Cm Download Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH POC This Week

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
EPSS 0% CVSS 6.8
MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Cm Download Manager
NVD GitHub
EPSS 30% 4.4 CVSS 10.0
CRITICAL POC THREAT Emergency

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.1%.

RCE WordPress PHP +2
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy