cleantalk
Vulnerabilities and Security Researches

WP-DownloadManager, CVE-2022-25606

CVE, Research URL

CVE-2022-25606

Home page URL

Security reports for WP-DownloadManager

Application

WP-DownloadManager

Published on
Mar 26, 2022
Research Description
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.
Affected versions
max 1.68.7.
Status
vulnerable
Previous vulnerability researches
WP-DownloadManager (CVE-2021-44760) , Jun 06, 2024
WP-DownloadManager (CVE-2013-2697) , Jun 06, 2024
WP-DownloadManager (CVE-2022-25606) , Jun 06, 2024
WP-DownloadManager (CVE-2020-24141) , Jun 06, 2024
WP-DownloadManager (CVE-2022-25605) , Jun 06, 2024
New vulnerability
EmailKit -WooCommerce Email Customizer (CVE-2026-1925) , Apr 15, 2026
Icegram Express – Email Marketing, Newsletters and Automation for WordPress &amp; WooCommerce (CVE-2026-1651) , Apr 15, 2026
Contact Form builder with drag &amp; drop for WordPress &#8211; Kali Forms (CVE-2026-1860) , Apr 15, 2026
Related Posts by Taxonomy (CVE-2026-0916) , Apr 15, 2026
Ivory Search &#8211; WordPress Search Plugin (CVE-2026-1053) , Apr 15, 2026