CM Download Manager – Document and File Management

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   CM Download Manager – Document and File Management

Information

Software Type Plugin
Software Slug cm-download-manager (view on wordpress.org)
Software Status Active
Software Author creativemindssolutions
Software Website www.cminds.com
Software Downloads 128,315
Software Active Installs 300
Software Record Last Updated May 2, 2024

9 Vulnerabilities

CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader
4.3
CVE-2024-1962
Mar 25, 2024
Researcher: Bob Matyas
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader
4.3
CVE-2024-1232
Mar 25, 2024
Researcher: Sushmita Poudel
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader
4.3
CVE-2024-1231
Mar 25, 2024
Researcher: Sushmita Poudel
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload
7.2
CVE-2022-3076
Sep 5, 2022
Researcher: Mika
CM Download Manager <= 2.7.0 - Cross-Site Scripting
6.1
CVE-2020-24145
Apr 13, 2021
Researcher: Suzhou Aurora Infinity Information Technology Co
CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service
8.1
CVE-2020-24146
Apr 13, 2021
Researcher: Suzhou Aurora Infinity Information Technology Co
CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting
5.5
CVE-2020-27344
Oct 22, 2020
Researcher: qwebee
CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting
6.1
CVE-2014-9129
Dec 1, 2014
Researcher: Henri Salo (fgeek)
CM Download Manager <= 2.0.3 - Code Injection
9.8
CVE-2014-8877
Nov 10, 2014
Researcher: Phi Le Ngoc
Title CVE ID CVSS Researchers Date
CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader CVE-2024-1962 4.3 Bob Matyas March 25, 2024
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader CVE-2024-1232 4.3 Sushmita Poudel March 25, 2024
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader CVE-2024-1231 4.3 Sushmita Poudel March 25, 2024
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload CVE-2022-3076 7.2 Mika September 5, 2022
CM Download Manager <= 2.7.0 - Cross-Site Scripting CVE-2020-24145 6.1 Suzhou Aurora Infinity Information Technology Co April 13, 2021
CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service CVE-2020-24146 8.1 Suzhou Aurora Infinity Information Technology Co April 13, 2021
CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting CVE-2020-27344 5.5 qwebee October 22, 2020
CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2014-9129 6.1 Henri Salo (fgeek) December 1, 2014
CM Download Manager <= 2.0.3 - Code Injection CVE-2014-8877 9.8 Phi Le Ngoc November 10, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation