WordPress Plugin Vulnerabilities

Download Manager < 3.2.49 - Multiple CSRF

Description

The plugin does not have CSRF check in place in some places, which could allow attackers to make a logged in admin perform unwanted actions

Affects Plugins

Plugin icon
download-manager
Fixed in 3.2.49

References

CVE
CVE-2022-36288

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Verified
No
WPVDB ID
fa02aaeb-99db-4925-bdf7-be1840ba7dd2

Timeline

Publicly Published
2022-08-01 (about 3 years ago)
Added
2022-08-24 (about 3 years ago)
Last Updated
2023-05-17 (about 2 years ago)

Other

Published
Title
Published
2024-03-11
Title
LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()
Published
2026-03-20
Title
Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
Published
2024-02-22
Title
Colibri WP < 1.0.101 - Cross-Site Request Forgery to Limited Plugin Installation
Published
2025-09-22
Title
Force Update Translations < 0.6.0 - Cross-Site Request Forgery
Published
2025-10-13
Title
Slick Google Map <= 0.3 - Cross-Site Request Forgery