Download Manager — Vulnerabilities & Security Advisories 50

All 50 CVE vulnerabilities found in Download Manager, with AI-generated Chinese analysis, references, and POCs.

This is a vulnerability aggregation page for the Download Manager product, focusing on common weakness types such as input validation errors and path traversal issues. The page collects a comprehensive range of security flaws, including buffer overflows, remote code execution vulnerabilities, and cross-site scripting defects. These entries span from 2015 to the present, providing a longitudinal view of the product's security landscape as it evolved through multiple major and minor releases. The data source is derived from publicly available vendor advisories, third-party security research reports, and community-submitted disclosures that have been verified for accuracy and relevance to this specific software component. Here, users can discover and track a vendor's advisory history to understand the pace and response to security remediation efforts. The aggregated data allows analysts to understand a specific weakness class within the context of file handling and network download operations, revealing patterns in how similar flaws manifest across different versions. Furthermore, users can look up a product's vulnerability history to assess the overall security posture of the Download Manager over time. This resource serves as a neutral reference for security professionals, developers, and auditors who need to evaluate the risk profile of this software without the noise of unverified rumors. By consolidating these disparate data points, the page offers a clear, structured overview of known security issues, facilitating better decision-making regarding updates, mitigations, and potential risk acceptance for systems relying on this tool. The information is presented in a neutral, factual manner to support objective security assessments and compliance audits.

Vendor: W3 Eden, Inc.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4057 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal | CWE-862 | 4.3 | Medium | 2026-04-10 |
| CVE-2026-5357 | Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | CWE-79 | 6.4 | Medium | 2026-04-09 |
| CVE-2026-39676 | WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability | CWE-862 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39615 | WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.9 | Medium | 2026-04-08 |
| CVE-2026-2571 | Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter | CWE-200 | 4.3 | Medium | 2026-03-19 |
| CVE-2026-1666 | Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter | CWE-79 | 6.1 | Medium | 2026-02-18 |
| CVE-2025-15364 | Download Manager <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword | CWE-353 | 7.3 | High | 2026-01-06 |
| CVE-2025-13498 | Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure | CWE-862 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-63070 | WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability | CWE-497 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | CWE-321 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-60093 | WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability | CWE-352 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-60092 | WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability | CWE-497 | 5.3 | Medium | 2025-09-26 |
| CVE-2025-10146 | Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter | CWE-79 | 6.1 | Medium | 2025-09-19 |
| CVE-2025-4367 | Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode | CWE-80 | 6.4 | Medium | 2025-06-19 |
| CVE-2024-8284 | Download Manager <= 3.2.98 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2025-3404 | Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion | CWE-22 | 8.8 | High | 2025-04-19 |
| CVE-2025-3056 | Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | CWE-79 | 5.4 | Medium | 2025-04-18 |
| CVE-2024-13126 | Download Manager < 3.3.07 - Unauthenticated Data Exposure | | 7.5 | - | 2025-03-16 |
| CVE-2025-1785 | Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite | CWE-22 | 5.4 | Medium | 2025-03-13 |
| CVE-2024-56217 | WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability | CWE-862 | 4.3 | Medium | 2024-12-31 |
| CVE-2024-10706 | Download Manager < 3.3.03 - Admin+ Stored XSS | | 4.8 | - | 2024-12-20 |
| CVE-2024-11768 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | CWE-285 | 5.3 | Medium | 2024-12-19 |
| CVE-2024-11740 | Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution | CWE-94 | 7.3 | High | 2024-12-19 |
| CVE-2024-8444 | Download Manager < 3.3.00 - Contributor+ Stored XSS | | 6.1 (AI) | Medium (AI) | 2024-10-30 |
| CVE-2024-6208 | Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2024-07-31 |
| CVE-2024-2098 | Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary | CWE-289 | 7.5 | High | 2024-06-13 |
| CVE-2024-1766 | Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2024-06-12 |
| CVE-2024-5266 | Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes | CWE-79 | 6.4 | Medium | 2024-06-12 |
| CVE-2024-4001 | Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode | CWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2024-4160 | Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode | CWE-79 | 6.4 | Medium | 2024-05-31 |

All 50 known CVE vulnerabilities affecting Download Manager with full Chinese analysis, references, and POCs where available.