CM Download Manager – Document and File Management

Information

Software Type Plugin
Software Slug cm-download-manager (view on wordpress.org)
Software Status Active
Software Author creativemindssolutions
Software Website www.cminds.com
Software Downloads 129,745
Software Active Installs 300
Software Record Last Updated November 14, 2024

9 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader Patched CVE-2024-1962 4.3 Bob Matyas March 25, 2024
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader Patched CVE-2024-1232 4.3 Sushmita Poudel March 25, 2024
CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader Patched CVE-2024-1231 4.3 Sushmita Poudel March 25, 2024
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload Patched CVE-2022-3076 7.2 Mika September 5, 2022
CM Download Manager <= 2.7.0 - Cross-Site Scripting Patched CVE-2020-24145 6.1 Suzhou Aurora Infinity Information Technology Co April 13, 2021
CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service Patched CVE-2020-24146 8.1 Suzhou Aurora Infinity Information Technology Co April 13, 2021
CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting Patched CVE-2020-27344 5.5 qwebee October 22, 2020
CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting Patched CVE-2014-9129 6.1 Henri Salo (fgeek) December 1, 2014
CM Download Manager <= 2.0.3 - Code Injection Patched CVE-2014-8877 9.8 Phi Le Ngoc November 10, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation