Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2168 | 1 Wpdownloadmanager | 1 Download Manager | 2022-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting | |||||
| CVE-2021-25069 | 1 Wpdownloadmanager | 1 Download Manager | 2022-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue | |||||