Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Download Manager — Vulnerabilities & Security Advisories 52

All 52 CVE vulnerabilities found in Download Manager, with AI-generated Chinese analysis, references, and POCs.

This page documents the vulnerability history for Download Manager, a software product developed by various vendors, specifically focusing on security weaknesses classified under common vulnerability enumeration types. It aggregates publicly reported security issues affecting this category of software, covering incidents from 2005 to the present day. The collection includes diverse weakness types such as buffer overflows, injection flaws, and path traversal vulnerabilities that have been identified in download manager applications across different operating systems and versions. Users can utilize this resource to track how a specific vendor has addressed security advisories over time, gaining insight into their patching cadence and response effectiveness. Furthermore, the page serves as a reference for understanding the prevalence and impact of specific weakness classes within the context of file transfer tools. Readers can look up a product’s vulnerability history to assess risk profiles before deployment or to research historical attack vectors that may still affect legacy installations. This centralized view eliminates the need to search multiple disparate sources for security data related to download management software. By providing a consolidated timeline of disclosed issues, the page aids security professionals, system administrators, and researchers in making informed decisions about software procurement, update strategies, and mitigation efforts. The data is sourced from official vendor security notices, independent security advisories, and recognized vulnerability databases. This approach ensures a comprehensive overview of the security posture of download manager products without overwhelming the user with unnecessary technical noise or redundant entries.

Vendor: W3 Eden, Inc.

CVE IDTitleCVSSSeverityPublished
CVE-2026-14343 Download Manager <= 3.3.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes CWE-79 6.4 Medium2026-07-09
CVE-2026-13733 Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute CWE-79 6.4 Medium2026-07-01
CVE-2026-4057 Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal CWE-862 4.3 Medium2026-04-10
CVE-2026-5357 Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CWE-79 6.4 Medium2026-04-09
CVE-2026-39676 WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability CWE-862 5.3 Medium2026-04-08
CVE-2026-39615 WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability CWE-79 5.9 Medium2026-04-08
CVE-2026-2571 Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter CWE-200 4.3 Medium2026-03-19
CVE-2026-1666 Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter CWE-79 6.1 Medium2026-02-18
CVE-2025-15364 Download Manager <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword CWE-353 7.3 High2026-01-06
CVE-2025-13498 Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure CWE-862 4.3 Medium2025-12-18
CVE-2025-63070 WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability CWE-497 4.3 Medium2025-12-09
CVE-2025-12177 Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key CWE-321 5.3 Medium2025-11-08
CVE-2025-60093 WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability CWE-352 4.3 Medium2025-09-26
CVE-2025-60092 WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability CWE-497 5.3 Medium2025-09-26
CVE-2025-10146 Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter CWE-79 6.1 Medium2025-09-19
CVE-2025-4367 Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode CWE-80 6.4 Medium2025-06-19
CVE-2024-8284 Download Manager <= 3.2.98 - Admin+ Stored XSS 4.8AIMediumAI2025-05-15
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion CWE-22 8.8 High2025-04-19
CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CWE-79 5.4 Medium2025-04-18
CVE-2024-13126 Download Manager < 3.3.07 - Unauthenticated Data Exposure 7.5 -2025-03-16
CVE-2025-1785 Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite CWE-22 5.4 Medium2025-03-13
CVE-2024-56217 WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability CWE-862 4.3 Medium2024-12-31
CVE-2024-10706 Download Manager < 3.3.03 - Admin+ Stored XSS 4.8 -2024-12-20
CVE-2024-11768 Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files CWE-285 5.3 Medium2024-12-19
CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution CWE-94 7.3 High2024-12-19
CVE-2024-8444 Download Manager < 3.3.00 - Contributor+ Stored XSS 6.1AIMediumAI2024-10-30
CVE-2024-6208 Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-07-31
CVE-2024-2098 Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary CWE-289 7.5 High2024-06-13
CVE-2024-1766 Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting CWE-79 4.4 Medium2024-06-12
CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes CWE-79 6.4 Medium2024-06-12

All 52 known CVE vulnerabilities affecting Download Manager with full Chinese analysis, references, and POCs where available.