cleantalk
Vulnerabilities and Security Researches

Download Manager, 2dbefbf8b0b9f63fcb15ce856bdbeb59159cb13d

CVE, Research URL

2dbefbf8b0b9f63fcb15ce856bdbeb59159cb13d

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
Dec 15, 2014
Research Description
Download Manager [download-manager] >= 2.7.0 - <= 2.7.4 WordPress Download Manager 2.7.4 - Remote Code Execution Download Manager plugin is prone to a remote code execution vulnerability via "/download-manager/wpdm-core.php". It allows attackers to execute arbitrary PHP code. Upgrade the plugin.
Affected versions
Min 2.7.0, max 2.7.4.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager &#8211; Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager &#8211; Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-54825) , Jun 24, 2026
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026