W3edenCVEs & Vulnerabilities
51 CVEs affecting W3eden products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
51 CVEs→ All vendors
Most Affected Products
download manager 159live forms 2pricing table 1
CVE-2017-2216MEDIUM
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
7 Jul 2017
6.1
CVSS
CVE-2014-8585MEDIUM
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
4 Nov 2014
5.0
CVSS
CVE-2013-7319MEDIUMpoc
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
6 Feb 2014
4.3
CVSS