🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Download Manager

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Download Manager

Information

Software Type	Plugin
Software Slug	download-manager (view on wordpress.org)
Software Status	Active
Software Author	codename065
Software Website	www.wpdownloadmanager.com
Software Downloads	8,494,632
Software Active Installs	100,000
Software Record Last Updated	April 25, 2024

Showing 41-47 of 47 Vulnerabilities

Download Manager <= 2.8.7 - Sensitive Information Disclosure via Directory Listing

5.3

CVE ID Unknown

Jan 19, 2016

Researcher: James Golovich

WordPress Download Manager <= 2.7.94 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Jul 16, 2015

Researcher: Filippos Mastrogiannis

WordPress Download Manager <= 2.7.4 - Remote Code Execution

9.8

CVE ID Unknown

Dec 15, 2014

Researcher: MICKAEL NADEAU (Sucuri)

WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update

8.1

CVE-2014-9260

Nov 24, 2014

Researcher: Kacper Szurek

Download Manager <= 2.2.2 - Cross-Site Scripting

6.1

CVE ID Unknown

Aug 1, 2014

Researchers: Heine Pedersen, Torben Jensen

Download Manager < 2.5.9 - Stored Cross-Site Scripting

7.2

CVE-2013-7319

Dec 8, 2013

Researcher: Jeroen Diel

Download Manager <= 2.5.8 - Cross-Site Scripting

5.3

CVE ID Unknown

Dec 7, 2013

Researcher: Jeroen Diel

Title	CVE ID	CVSS	Researchers	Date
Download Manager <= 2.8.7 - Sensitive Information Disclosure via Directory Listing		5.3	James Golovich	January 19, 2016
WordPress Download Manager <= 2.7.94 - Stored Cross-Site Scripting		6.4	Filippos Mastrogiannis	July 16, 2015
WordPress Download Manager <= 2.7.4 - Remote Code Execution		9.8	MICKAEL NADEAU (Sucuri)	December 15, 2014
WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update	CVE-2014-9260	8.1	Kacper Szurek	November 24, 2014
Download Manager <= 2.2.2 - Cross-Site Scripting		6.1	Heine Pedersen, Torben Jensen	August 1, 2014
Download Manager < 2.5.9 - Stored Cross-Site Scripting	CVE-2013-7319	7.2	Jeroen Diel	December 8, 2013
Download Manager <= 2.5.8 - Cross-Site Scripting		5.3	Jeroen Diel	December 7, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation