cleantalk
Vulnerabilities and Security Researches

Download Manager, 475bb8d46bd97d6fc2a097080b3f99a444f3d59d

CVE, Research URL

475bb8d46bd97d6fc2a097080b3f99a444f3d59d

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
-
Research Description
Download Manager [download-manager] < 3.2.60 WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Download Manager plugin to the latest available version (at least 3.2.60). Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Download Manager Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.2.60.
Affected versions
max 3.2.60.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager &#8211; Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager &#8211; Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-54825) , Jun 24, 2026
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026