Cminds Cm Download Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Cminds Cm Download Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-1962 — CVSS 8.8 (high): The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged…
CVE-2020-24146 — CVSS 8.1 (high): Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete…
CVE-2022-3076 — CVSS 7.2 (high): The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the…
CVE-2014-9129 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote…
CVE-2024-1231 — CVSS 6.8 (medium): The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged…
CVE-2020-24145 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote…
CVE-2024-1232 — CVSS 4.8 (medium): The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged…