Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (48 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2017-18032 1 W3eden 1 Download Manager 2025-03-21 N/A
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
CVE-2022-0828 1 W3eden 1 Download Manager 2025-03-21 7.5 High
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
CVE-2022-36288 1 W3eden 1 Download Manager 2025-03-21 5.4 Medium
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2022-34347 1 W3eden 1 Download Manager 2025-03-21 4.2 Medium
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2019-15889 1 W3eden 1 Download Manager 2025-03-21 N/A
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
CVE-2021-34639 1 W3eden 1 Download Manager 2025-03-21 7.5 High
Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
CVE-2022-2362 1 W3eden 1 Download Manager 2025-03-21 7.5 High
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
CVE-2024-56217 1 W3eden 1 Download Manager 2025-03-21 4.3 Medium
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.