Download Manager < 3.3.07 – Unauthenticated Data Exposure | CVE 2024-13126

Affects Plugins

download-manager

Fixed in 3.3.07

References

CVE

CVE-2024-13126

URL

https://research.cleantalk.org/cve-2024-13126/

Classification

Type

FILE DOWNLOAD

OWASP top 10

A1: Injection

CWE

CWE-552

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

c2c69a44-4ecc-41d1-a10c-cfe9c875b803

Timeline

Publicly Published

2025-02-23 (about 10 months ago)

Added

2025-02-23 (about 10 months ago)

Last Updated

2025-02-23 (about 10 months ago)

Other

Published

Title

Published

2022-09-19

Title

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

Published

2022-10-17

Title

WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi

Published

2025-02-27

Title

wpForo Forum < 2.4.2 - Subscriber+ Arbitrary File Read

Published

2024-07-09

Title

Secure Downloads < 1.2.3 - Admin+ Arbitrary File Download

Published

2025-12-22

Title

PhastPress < 3.8 - Unauthenticated Arbitrary File Read via Null Byte Injection