WordPress Plugin Vulnerabilities

Download Manager <= 2.9.60 - Cross-Site Request Forgery (CSRF)

Description

The WordPress Download Manager WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
download-manager
Fixed in 2.9.61

References

URL
https://seclists.org/fulldisclosure/2018/Jan/32
URL
https://plugins.trac.wordpress.org/changeset/1790408/download-manager

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ef20a37f-b2c2-4857-9267-1d5d17166b77

Timeline

Publicly Published
2018-01-09 (about 6 years ago)
Added
2018-01-10 (about 6 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2022-05-11
Title
Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
Published
2022-01-25
Title
Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF
Published
2023-01-19
Title
SRS Simple Hits Counter < 1.1.1 - Settings Update via CSRF
Published
2020-04-07
Title
WP Lead Plus X <= 0.99 - Multiple Cross-Site Request Forgery (CSRF)
Published
2019-01-08
Title
MapSVG Lite < 3.3.0 - Cross-Site Request Forgery (CSRF)