cleantalk
Vulnerabilities and Security Researches

Download Manager, 394007c5-7923-46fe-bb4c-2377d66ff900

CVE, Research URL

394007c5-7923-46fe-bb4c-2377d66ff900

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
-
Research Description
Download Manager [download-manager] < 3.2.53 Download Manager &lt; 3.2.53 - Unauthenticated Reflected Cross-Site Scripting The plugin does not escape the $_SERVER[&#039;REQUEST_URI&#039;] parameter before outputting it back in an attribute of the modal login page (only available when users are not logged in), which could lead to Reflected Cross-Site Scripting in old web browsers.
Affected versions
max 3.2.53.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager &#8211; Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager &#8211; Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-54825) , Jun 24, 2026
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026