Description
Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References (2)
Core 2
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52863
Product x_refsource_confirm
http://wordpress.org/extend/plugins/wp-downloadmanager/changelog/
Scores
EPSS
0.0095
EPSS Percentile
57.2%
Details
CWE
CWE-352
Status
published
Products (6)
lesterchan/wp-downloadmanager
1.00
lesterchan/wp-downloadmanager
1.30
lesterchan/wp-downloadmanager
1.31
lesterchan/wp-downloadmanager
1.40
lesterchan/wp-downloadmanager
1.50
lesterchan/wp-downloadmanager
< 1.60
Published
Apr 19, 2013
Tracked Since
Feb 18, 2026