Cminds: Security Vulnerabilities
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
CVSS Score
8.1
EPSS Score
0.017
Published
2021-07-07
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
CVSS Score
6.1
EPSS Score
0.01
Published
2020-10-21
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
CVSS Score
6.1
EPSS Score
0.044
Published
2016-10-10
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.
CVSS Score
6.8
EPSS Score
0.015
Published
2014-12-05
Page 3