cleantalk
Vulnerabilities and Security Researches

WP-DownloadManager, CVE-2013-2697

CVE, Research URL

CVE-2013-2697

Home page URL

Security reports for WP-DownloadManager

Application

WP-DownloadManager

Published on
Apr 19, 2013
Research Description
Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Affected versions
max 1.61.
Status
vulnerable
Previous vulnerability researches
WP-DownloadManager (CVE-2021-44760) , Jun 06, 2024
WP-DownloadManager (CVE-2013-2697) , Jun 06, 2024
WP-DownloadManager (CVE-2022-25606) , Jun 06, 2024
WP-DownloadManager (CVE-2020-24141) , Jun 06, 2024
WP-DownloadManager (CVE-2022-25605) , Jun 06, 2024
New vulnerability
Master Blocks – Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025