Shodan
Vulnerabilities
Vulnerable Software
Cminds:  Security Vulnerabilities
CVE-2024-1232
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack
CVSS Score
4.8
EPSS Score
0.002
Published
2024-03-25
CVE-2024-1962
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
CVSS Score
8.8
EPSS Score
0.007
Published
2024-03-25
CVE-2023-30750
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.
CVSS Score
8.5
EPSS Score
0.001
Published
2023-12-20
CVE-2023-28749
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-22
CVE-2023-31228
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-18
CVE-2023-25992
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-03-23
CVE-2022-3076
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-09-26
CVE-2021-24678
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-04
CVE-2020-24145
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-07-07
CVE-2020-24146
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
CVSS Score
8.1
EPSS Score
0.008
Published
2021-07-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved