Wp-downloadmanager Project Wp-downloadmanager — known CVE vulnerabilities
Every CVE whose affected-product data names Wp-downloadmanager Project Wp-downloadmanager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-4799 — CVSS 7.2 (high): The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can…
CVE-2020-24141 — CVSS 5.3 (medium): Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end…
CVE-2025-4798 — CVSS 4.9 (medium): The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due…