CVE-2013-2697

WP-DownloadManager < 1.61 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52863

Scores

EPSS 0.0095
EPSS Percentile 57.2%

Details

CWE
CWE-352
Status published
Products (6)
lesterchan/wp-downloadmanager 1.00
lesterchan/wp-downloadmanager 1.30
lesterchan/wp-downloadmanager 1.31
lesterchan/wp-downloadmanager 1.40
lesterchan/wp-downloadmanager 1.50
lesterchan/wp-downloadmanager < 1.60
Published Apr 19, 2013
Tracked Since Feb 18, 2026