WordPress Plugin Vulnerabilities

Download Manager <= 2.9.45 - Cross-Site Request Forgery (CSRF)

Description

The WordPress Download Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
download-manager
Fixed in 2.9.46

References

URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_download_manager_plugin.html
URL
https://seclists.org/fulldisclosure/2017/Feb/82
URL
https://plugins.trac.wordpress.org/changeset/1616450/download-manager

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4f1196b4-807f-4238-8cfa-82046f786cb4

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-03 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-05-24
Title
AZAN Plugin <= 0.6 - Stored XSS via CSRF
Published
2022-08-01
Title
Rich Reviews <= 1.9.19 - Arbitrary Reviews Deletion via CSRF
Published
2025-06-05
Title
WP Page Loading < 1.0.7 - Cross-Site Request Forgery
Published
2024-08-16
Title
Fonts < 3.7.8 - Cross-Site Request Forgery
Published
2025-01-07
Title
Virtual Bot <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting