Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Download Manager — Vulnerabilities & Security Advisories 52

All 52 CVE vulnerabilities found in Download Manager, with AI-generated Chinese analysis, references, and POCs.

This page documents the vulnerability history for Download Manager, a software product developed by various vendors, specifically focusing on security weaknesses classified under common vulnerability enumeration types. It aggregates publicly reported security issues affecting this category of software, covering incidents from 2005 to the present day. The collection includes diverse weakness types such as buffer overflows, injection flaws, and path traversal vulnerabilities that have been identified in download manager applications across different operating systems and versions. Users can utilize this resource to track how a specific vendor has addressed security advisories over time, gaining insight into their patching cadence and response effectiveness. Furthermore, the page serves as a reference for understanding the prevalence and impact of specific weakness classes within the context of file transfer tools. Readers can look up a product’s vulnerability history to assess risk profiles before deployment or to research historical attack vectors that may still affect legacy installations. This centralized view eliminates the need to search multiple disparate sources for security data related to download management software. By providing a consolidated timeline of disclosed issues, the page aids security professionals, system administrators, and researchers in making informed decisions about software procurement, update strategies, and mitigation efforts. The data is sourced from official vendor security notices, independent security advisories, and recognized vulnerability databases. This approach ensures a comprehensive overview of the security posture of download manager products without overwhelming the user with unnecessary technical noise or redundant entries.

Vendor: W3 Eden, Inc.

CVE IDTitleCVSSSeverityPublished
CVE-2024-4001 Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode CWE-79 6.4 Medium2024-06-05
CVE-2024-4160 Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode CWE-79 6.4 Medium2024-05-31
CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability CWE-200 5.3 Medium2024-05-17
CVE-2024-29114 WordPress Download Manager plugin <= 3.2.84 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-03-19
CVE-2023-6785 Download Manager <= 3.2.84 - Missing Authorization CWE-284 5.3 Medium2024-03-13
CVE-2023-6954 Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-03-13
CVE-2023-6421 Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak 7.5 -2024-01-01
CVE-2023-2305 Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2023-06-09
CVE-2023-1524 Download Manager < 3.2.71 - Broken Access Controls 6.5 -2023-05-30
CVE-2023-1809 Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure 7.5 -2023-05-02
CVE-2022-45836 WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 Medium2023-04-18
CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS 5.4 -2023-01-16
CVE-2022-2926 Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal CWE-22 4.9 -2022-09-26
CVE-2022-2436 Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization CWE-502 8.8 High2022-09-06
CVE-2022-2431 Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion CWE-73 8.1 High2022-09-06
CVE-2022-2362 Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction CWE-79 9.1 -2022-08-22
CVE-2022-2101 Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting CWE-79 6.4 Medium2022-07-18
CVE-2022-2168 Download Manager < 3.2.44 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-07-17
CVE-2022-1985 Download Manager <= 3.2.42 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2022-06-13
CVE-2022-0828 Download Manager < 3.2.39 - Unauthenticated brute force of files master key 7.5 -2022-04-11
CVE-2021-25087 Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure CWE-862 7.5 -2022-03-07
CVE-2021-25069 WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS CWE-89 9.8 -2022-02-21

All 52 known CVE vulnerabilities affecting Download Manager with full Chinese analysis, references, and POCs where available.