
codename065 — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting codename065. AI-powered Chinese analysis, POCs, and references for each vulnerability.

codename065 operates as a specialized software development entity, primarily focusing on enterprise-grade application frameworks and middleware solutions. Historical security audits reveal a pattern of vulnerabilities concentrated in input validation and authentication mechanisms, with Remote Code Execution (RCE) and Cross-Site Scripting (XSS) representing the most frequent critical flaws. Privilege escalation issues also appear regularly, suggesting persistent gaps in access control logic within their core architecture. While no single catastrophic data breach has been publicly attributed directly to this specific identifier, the accumulation of thirty-three CVEs indicates systemic weaknesses in their secure development lifecycle. These recurring issues highlight a need for rigorous static analysis and penetration testing before deployment. The entity’s security posture remains under scrutiny, as the high volume of disclosed defects suggests that remediation efforts have not fully addressed underlying architectural vulnerabilities, leaving customer deployments at continued risk of exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4057 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal | Download Manager | CWE-862 | 4.3 | Medium | 2026-04-10 |
| CVE-2026-5357 | Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | Download Manager | CWE-79 | 6.4 | Medium | 2026-04-09 |
| CVE-2026-2571 | Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter | Download Manager | CWE-200 | 4.3 | Medium | 2026-03-19 |
| CVE-2026-1666 | Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter | Download Manager | CWE-79 | 6.1 | Medium | 2026-02-18 |
| CVE-2025-15364 | Download Manager <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword | Download Manager | CWE-353 | 7.3 | High | 2026-01-06 |
| CVE-2025-13498 | Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure | Download Manager | CWE-862 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | Download Manager | CWE-321 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-10146 | Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter | Download Manager | CWE-79 | 6.1 | Medium | 2025-09-19 |
| CVE-2025-4367 | Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode | Download Manager | CWE-80 | 6.4 | Medium | 2025-06-19 |
| CVE-2025-3404 | Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion | Download Manager | CWE-22 | 8.8 | High | 2025-04-19 |
| CVE-2025-3056 | Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Download Manager | CWE-79 | 5.4 | Medium | 2025-04-18 |
| CVE-2025-1785 | Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite | Download Manager | CWE-22 | 5.4 | Medium | 2025-03-13 |
| CVE-2024-11768 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | Download Manager | CWE-285 | 5.3 | Medium | 2024-12-19 |
| CVE-2024-11740 | Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution | Download Manager | CWE-94 | 7.3 | High | 2024-12-19 |
| CVE-2024-11225 | Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg | Premium Packages – Sell Digital Products Securely | CWE-79 | 6.1 | Medium | 2024-11-22 |
| CVE-2024-10164 | Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode | Premium Packages – Sell Digital Products Securely | CWE-79 | 6.4 | Medium | 2024-11-21 |
| CVE-2024-7386 | Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery | Premium Packages – Sell Digital Products Securely | CWE-352 | 4.3 | Medium | 2024-09-25 |
| CVE-2024-7486 | MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection | MultiPurpose | CWE-502 | 8.8 | High | 2024-08-08 |
| CVE-2024-7560 | News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection | News Flash | CWE-502 | 7.2 | High | 2024-08-08 |
| CVE-2024-6208 | Download Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Download Manager | CWE-79 | 6.4 | Medium | 2024-07-31 |
| CVE-2024-2098 | Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary | Download Manager | CWE-289 | 7.5 | High | 2024-06-13 |
| CVE-2024-1766 | Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | Download Manager | CWE-79 | 4.4 | Medium | 2024-06-12 |
| CVE-2024-5266 | Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes | Download Manager | CWE-79 | 6.4 | Medium | 2024-06-12 |
| CVE-2024-4001 | Download Manager <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode | Download Manager | CWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2024-4160 | Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode | Download Manager | CWE-79 | 6.4 | Medium | 2024-05-31 |
| CVE-2024-33938 | WordPress Sliding Widgets plugin <= 1.5.0 - Broken Access Control to XSS vulnerability | Sliding Widgets | CWE-862 | 6.5 | Medium | 2024-05-02 |
| CVE-2023-6785 | Download Manager <= 3.2.84 - Missing Authorization | Download Manager | CWE-284 | 5.3 | Medium | 2024-03-13 |
| CVE-2023-6954 | Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Download Manager | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2023-4293 | Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation | Premium Packages – Sell Digital Products Securely | CWE-269 | 8.8 | High | 2023-08-12 |
| CVE-2023-2305 | Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Download Manager | CWE-79 | 6.4 | Medium | 2023-06-09 |

This page lists every published CVE security advisory associated with codename065. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.