Download Manager
Shahjada
Developer
3.3.52
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
65 patched
15 Mitigation rules
- Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability<= 3.3.4919/03/2026
- Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability<= 3.3.4618/02/2026
- Unauthenticated Limited Privilege Escalation via updatePassword vulnerability<= 3.3.4006/01/2026
- Unauthenticated Cron Trigger due to Hardcoded Cron Key vulnerability<= 3.3.3010/11/2025
- Sensitive Data Exposure vulnerability<= 3.3.3230/09/2025
- Cross Site Request Forgery (CSRF) Vulnerability<= 3.3.2426/09/2025
- Sensitive Data Exposure Vulnerability<= 3.3.2526/09/2025
- Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability<= 3.3.2318/09/2025
- Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode vulnerability<= 3.3.1819/06/2025
- Admin+ Stored XSS vulnerability<= 3.2.9819/05/2025
- Authenticated (Author+) Arbitrary File Deletion vulnerability<= 3.3.1219/04/2025
- Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 3.3.1217/04/2025
- Authenticated (Author+) Path Traversal to Limited File Overwrite vulnerability<= 3.3.0812/03/2025
- Unauthenticated Information Disclosure via Unprotected Directory vulnerability<= 3.3.0608/03/2025
- Admin+ Stored XSS vulnerability< 3.3.0320/12/2024
- Broken Access Control vulnerability<= 3.3.0319/12/2024
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 3.3.0318/12/2024
- Improper Authorization to Unauthenticated Download of Password-Protected Files vulnerability<= 3.3.0318/12/2024
- Contributor+ Stored XSS vulnerability< 3.3.0030/10/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.2.9731/07/2024
- Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability<= 3.2.8612/06/2024
- Improper Authorization via protectMediaLibrary vulnerability<= 3.2.8912/06/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 3.2.9211/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode vulnerability<= 3.2.9305/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode vulnerability<= 3.2.9031/05/2024
- File Password Lock Bypass vulnerability<= 3.2.8212/04/2024
- Cross Site Scripting (XSS) vulnerability<= 3.2.8416/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.2.8528/02/2024
- Missing Authorization vulnerability<= 3.2.8428/02/2024
- Broken Access Controls vulnerability< 3.2.7130/05/2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.2.7015/05/2023
- Unauthenticated Sensitive Information Disclosure vulnerability5.0.0-6.2.913/04/2023
- Contributor+ Stored XSS vulnerability< 3.2.6220/12/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.5929/11/2022
- Authenticated PHAR Deserialization vulnerability<= 3.2.4918/08/2022
- Multiple Cross-Site Request Forgery (CSRF) vulnerabilities<= 3.2.4802/08/2022
- Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities<= 3.2.4802/08/2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.4802/08/2022
- Bypass IP Address Blocking Restriction vulnerability<= 3.2.4901/08/2022
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 3.2.4601/07/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.4327/06/2022
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.4327/06/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.4207/06/2022
- Unauthenticated Brute Force of Files Master Key vulnerability<= 3.2.3816/03/2022
- Sensitive Information Disclosure vulnerability<= 3.2.2402/02/2022
- Authenticated SQL injection (SQLi) vulnerability to Reflected XSS vulnerability<= 3.2.3312/01/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 3.2.2129/11/2021
- Stored Cross-Site Scripting (XSS) vulnerability<= 3.2.1529/09/2021
- Email Template Setting Update via Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.1209/08/2021
- Authenticated File Upload vulnerability<= 3.1.2429/07/2021
- Multiple vulnerabilities<= 2.9.9616/06/2019
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 2.9.9323/04/2019
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.9.6010/01/2018
- Authenticated Arbitrary File Upload Vulnerability<= 2.8.9727/06/2017
- Multiple Vulnerabilities<= 2.8.719/01/2016
- Stored XSS<= 2.7.9420/12/2015
- Authenticated Stored XSS<= 2.7.9416/07/2015
- XSS<= 2.2.215/05/2015
- Remote Code Execution<= 2.7.415/12/2014
- Multiple CSRF and XSS<= 2.0.628/11/2014
- Privilege Escalation<= 2.7.224/11/2014
- Arbitrary File Download<= 1.004/11/2014
- Persistent Cross Site Scripting<= 2.5.808/12/2013
- CSRF<= 1.6026/03/2013
- Arbitrary File Upload<= 0.230/07/2008