cleantalk
Vulnerabilities and Security Researches

WP-DownloadManager, CVE-2022-25606

CVE, Research URL

CVE-2022-25606

Home page URL

Security reports for WP-DownloadManager

Application

WP-DownloadManager

Published on
Mar 26, 2022
Research Description
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.
Affected versions
max 1.68.7.
Status
vulnerable
Previous vulnerability researches
WP-DownloadManager (CVE-2021-44760) , Jun 06, 2024
WP-DownloadManager (CVE-2013-2697) , Jun 06, 2024
WP-DownloadManager (CVE-2022-25606) , Jun 06, 2024
WP-DownloadManager (CVE-2020-24141) , Jun 06, 2024
WP-DownloadManager (CVE-2022-25605) , Jun 06, 2024
New vulnerability
Master Blocks &#8211; Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor &amp; Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor &amp; Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025