Known Vulnerabilities
CVE-2024-1962
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
UNKNOWN
CVSS 8.8
Published Mar 25, 2024
CVE-2024-1232
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack
UNKNOWN
CVSS 4.8
Published Mar 25, 2024