cleantalk
Vulnerabilities and Security Researches

Download Manager, dcd868a17d34d1cc7c03e424780d2c8efb3bb492

CVE, Research URL

dcd868a17d34d1cc7c03e424780d2c8efb3bb492

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
Jun 27, 2017
Research Description
Download Manager [download-manager] < 2.9.46 WordPress Download Manager plugin <= 2.8.97 - Authenticated Arbitrary File Upload Vulnerability Authenticated Arbitrary File Upload Vulnerability exsists in WordPress WordPress Download Manager plugin <= 2.8.97 . It doesn't check what type of files you can upload so an attacker can upload .PHP files. Update the plugin.
Affected versions
max 2.9.46.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager &#8211; Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager &#8211; Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager &#8211; Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-54825) , Jun 24, 2026
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026