Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 47
Critical: 0
High: 13
Medium: 34
Showing 41-47 of 47 records
Threat Entry Updated 2025-03-21

CVE-2022-0828 - Download Manager Plugin

The Download Manager WordPress plugin before 3.2.34 uses the uniqid PHP function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources and gain direct download access regardless of role-based restrictions or password protections set for the download.

PLUGIN Download Manager

CVE-2022-0828

HIGH CVSS 7.5 2022-04-11
Threat Entry Updated 2025-03-21

CVE-2021-25087 - Download Manager Plugin

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as post passwords (fixed in 3.2.24) and file master keys (fixed in 3.2.25).

PLUGIN Download Manager

CVE-2021-25087

HIGH CVSS 7.5 2022-03-07
Threat Entry Updated 2025-03-21

CVE-2021-25069 - Download Manager Plugin

The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue.

PLUGIN Download Manager

CVE-2021-25069

HIGH CVSS 8.8 2022-02-21
Threat Entry Updated 2025-03-21

CVE-2021-24969 - Download Manager Plugin

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as the admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated user, such as a subscriber, is able to call it and perform Cross-Site Scripting attacks.

PLUGIN Download Manager

CVE-2021-24969

MEDIUM CVSS 5.4 2021-12-27
Threat Entry Updated 2025-03-21

CVE-2021-24773 - Download Manager Plugin

The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high-privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed.

PLUGIN Download Manager

CVE-2021-24773

MEDIUM CVSS 4.8 2021-11-01