WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Download Manager < 3.2.49 - Multiple CSRF

Description

The plugin does not have CSRF check in place in some places, which could allow attackers to make a logged in admin perform unwanted actions

Affects Plugins

download-manager
Fixed in version 3.2.55

References

CVE
CVE-2022-36288

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Vlad Vector

Verified

No

WPVDB ID
fa02aaeb-99db-4925-bdf7-be1840ba7dd2

Timeline

Publicly Published

2022-08-01 (about 6 months ago)

Added

2022-08-24 (about 5 months ago)

Last Updated

2022-08-24 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin