cleantalk
Vulnerabilities and Security Researches

Download Manager, c7624b475fdc9965e4feb7e8aeb5f8eedf454fcc

CVE, Research URL

c7624b475fdc9965e4feb7e8aeb5f8eedf454fcc

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
Jan 09, 2018
Research Description
Download Manager [download-manager] < 2.9.61 WordPress Download Manager <= 2.9.6 - Cross-Site Request Forgery The WordPress Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.6. This is due to missing or incorrect nonce validation on the wpdm_install_addon function. This makes it possible for unauthenticated attackers to install malicious plugins and/or packages via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.9.61.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager &#8211; Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager &#8211; Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-54825) , Jun 24, 2026
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026