cleantalk
Vulnerabilities and Security Researches

Download Manager, CVE-2024-10706

CVE, Research URL

CVE-2024-10706

Home page URL

Security reports for Download Manager

Application

Download Manager

Published on
Dec 20, 2024
Research Description
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 3.3.03.
Status
vulnerable
Previous vulnerability researches
Labinator Content Types Duplicator (CVE-2025-31809) , Apr 03, 2025
Theme Duplicator (CVE-2025-31845) , Apr 03, 2025
WP Bulk Post Duplicator (CVE-2025-28884) , Mar 13, 2025
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
Theme File Duplicator (CVE-2025-27283) , Feb 27, 2025
New vulnerability
Total processing card payments for WooCommerce (CVE-2025-46486) , May 07, 2025
LearnPress – WordPress LMS Plugin (CVE-2025-24740) , May 07, 2025
Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts (CVE-2020-36834) , May 07, 2025
LTL Freight Quotes – Unishippers Edition (CVE-2025-22289) , May 06, 2025
LTL Freight Quotes – Unishippers Edition (CVE-2025-22284) , May 06, 2025