Cm Download Manager
Approved changes feed: RSS · Atom
cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Cminds (b5402bde-9543-59be-8aae-b9b2097f562f) |
|---|---|
| Product | Cm Download Manager (de01eac5-cde0-53af-a7e1-c66dc079e1c6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/cm-download-manager |
purl2cpe | 2026-06-01 10:15:33.777081 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-1962 |
vulnerable | 2026-06-03 14:54:35.090225 |
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
Published: 2024-03-25T05:00:02.022Z
Updated: 2024-08-28T13:58:15.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1232 |
vulnerable | 2026-06-03 14:54:26.524011 |
CM Download Manager < 2.9.0 - Download Deletion via CSRF
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack
Published: 2024-03-25T05:00:01.133Z
Updated: 2024-08-09T20:00:16.433Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1231 |
vulnerable | 2026-06-03 14:54:26.520658 |
CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack
Published: 2024-03-25T05:00:00.845Z
Updated: 2025-03-19T20:04:28.792Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3076 |
vulnerable | 2026-06-03 14:47:51.963412 |
CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.
Published: 2022-09-26T12:35:42.000Z
Updated: 2025-05-22T15:41:20.288Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27344 |
vulnerable | 2026-06-03 14:42:18.044781 |
Details available
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
Published: 2020-10-21T19:09:23.000Z
Updated: 2024-08-04T16:11:36.588Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9129 |
vulnerable | 2026-06-03 14:34:26.017057 |
Details available
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.
Published: 2014-12-05T15:00:00.000Z
Updated: 2024-08-06T13:33:13.431Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.