Vulnerabilities in codename065
33 resultsCVE-2024-11740HIGHDownload Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 1.9%CVE-2022-2436HIGHDownload Manager <= 3.2.49 - Authenticated (Contributor+) PHAR DeserializationEPSS 1.3%CVE-2022-1985MEDIUMDownload Manager <= 3.2.42 - Reflected Cross-Site ScriptingEPSS 1.1%CVE-2025-3404HIGHDownload Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File DeletionEPSS 0.9%CVE-2022-2101MEDIUMDownload Manager <= 3.2.46 - Contributor+ Cross-Site ScriptingEPSS 0.8%CVE-2023-4293HIGHPremium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege EscalationEPSS 0.8%CVE-2023-2305MEDIUMDownload Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.6%CVE-2024-7486HIGHMultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object InjectionEPSS 0.6%CVE-2024-7560HIGHNews Flash <= 1.1.0 - Authenticated (Editor+) PHP Object InjectionEPSS 0.6%CVE-2025-1785MEDIUMDownload Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File OverwriteEPSS 0.6%CVE-2023-6785MEDIUMDownload Manager <= 3.2.84 - Missing AuthorizationEPSS 0.5%CVE-2023-6954MEDIUMDownload Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.5%CVE-2024-10164MEDIUMPremium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link ShortcodeEPSS 0.5%CVE-2024-11225MEDIUMPremium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_argEPSS 0.5%CVE-2024-2098HIGHDownload Manager <= 3.2.89 - Improper Authorization via protectMediaLibraryEPSS 0.5%CVE-2024-5266MEDIUMDownload Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple ShortcodesEPSS 0.4%CVE-2026-4057MEDIUMDownload Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection RemovalEPSS 0.4%CVE-2024-6208MEDIUMDownload Manager <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.4%CVE-2024-33938MEDIUMWordPress Sliding Widgets plugin <= 1.5.0 - Broken Access Control to XSS vulnerabilityEPSS 0.4%CVE-2025-13498MEDIUMDownload Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password DisclosureEPSS 0.4%