WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Download Manager <= 2.9.60 - Cross-Site Request Forgery (CSRF)

Description

The WordPress Download Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

download-manager
Fixed in version 2.9.61

References

URL
https://seclists.org/fulldisclosure/2018/Jan/32
URL
https://plugins.trac.wordpress.org/changeset/1790408/download-manager

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
ef20a37f-b2c2-4857-9267-1d5d17166b77

Timeline

Publicly Published

2018-01-09 (about 5 years ago)

Added

2018-01-10 (about 5 years ago)

Last Updated

2019-11-01 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin