logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Download Manager <= 2.9.45 - Cross-Site Request Forgery (CSRF)

Description

The WordPress Download Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

download-manager

Fixed in version 2.9.46

References

URL

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_download_manager_plugin.html

URL

https://seclists.org/fulldisclosure/2017/Feb/82

URL

https://plugins.trac.wordpress.org/changeset/1616450/download-manager

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

4f1196b4-807f-4238-8cfa-82046f786cb4

Timeline

Publicly Published

2017-03-01 (about 4 years ago)

Added

2017-03-03 (about 4 years ago)

Last Updated

2019-11-01 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin