🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

CM Download Manager – Document and File Management

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > CM Download Manager – Document and File Management

Information

Software Type	Plugin
Software Slug	cm-download-manager (view on wordpress.org)
Software Status	Active
Software Author	creativemindssolutions
Software Website	www.cminds.com
Software Downloads	128,970
Software Active Installs	300
Software Record Last Updated	July 26, 2024

9 Vulnerabilities

CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader

4.3

CVE-2024-1962

Mar 25, 2024

Researcher: Bob Matyas

CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader

4.3

CVE-2024-1232

Mar 25, 2024

Researcher: Sushmita Poudel

CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader

4.3

CVE-2024-1231

Mar 25, 2024

Researcher: Sushmita Poudel

CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2022-3076

Sep 5, 2022

Researcher: Mika

CM Download Manager <= 2.7.0 - Cross-Site Scripting

6.1

CVE-2020-24145

Apr 13, 2021

Researcher: Suzhou Aurora Infinity Information Technology Co

CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service

8.1

CVE-2020-24146

Apr 13, 2021

Researcher: Suzhou Aurora Infinity Information Technology Co

CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting

5.5

CVE-2020-27344

Oct 22, 2020

Researcher: qwebee

CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVE-2014-9129

Dec 1, 2014

Researcher: Henri Salo (fgeek)

CM Download Manager <= 2.0.3 - Code Injection

9.8

CVE-2014-8877

Nov 10, 2014

Researcher: Phi Le Ngoc

Title	Status	CVE ID	CVSS	Researchers	Date
CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader	Patched	CVE-2024-1962	4.3	Bob Matyas	March 25, 2024
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader	Patched	CVE-2024-1232	4.3	Sushmita Poudel	March 25, 2024
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader	Patched	CVE-2024-1231	4.3	Sushmita Poudel	March 25, 2024
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload	Patched	CVE-2022-3076	7.2	Mika	September 5, 2022
CM Download Manager <= 2.7.0 - Cross-Site Scripting	Patched	CVE-2020-24145	6.1	Suzhou Aurora Infinity Information Technology Co	April 13, 2021
CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service	Patched	CVE-2020-24146	8.1	Suzhou Aurora Infinity Information Technology Co	April 13, 2021
CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2020-27344	5.5	qwebee	October 22, 2020
CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting	Patched	CVE-2014-9129	6.1	Henri Salo (fgeek)	December 1, 2014
CM Download Manager <= 2.0.3 - Code Injection	Patched	CVE-2014-8877	9.8	Phi Le Ngoc	November 10, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation