) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cminds:cm_download_manager:1.6.0:*:*:*:*:wordpress:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-3076 |
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example. Published: September 26, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2020-27344 |
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. Published: October 21, 2020; 4:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2014-9129 |
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. Published: December 05, 2014; 10:59:04 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |