W3eden: >> Download Manager >> 2.3.7 Security Vulnerabilities
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-11-04
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
CVSS Score
4.3
EPSS Score
0.063
Published
2014-02-06
Page 5