WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Download Manager < 3.2.49 - Multiple CSRF

Description

The plugin does not have CSRF check in place in some places, which could allow attackers to make a logged in admin perform unwanted actions

Affects Plugins

download-manager
Fixed in version 3.2.49

References

CVE
CVE-2022-36288

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Vlad Vector

Verified

No

WPVDB ID
fa02aaeb-99db-4925-bdf7-be1840ba7dd2

Timeline

Publicly Published

2022-08-01 (about 1 years ago)

Added

2022-08-24 (about 1 years ago)

Last Updated

2023-05-17 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin