Download manager

This hub aggregates every CVE we track for Download manager, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Download manager.

• CVE-2026-4057Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal4.3Apr 10, 2026
• CVE-2026-5357Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes6.4Apr 9, 2026
• CVE-2026-39676WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability5.3Apr 8, 2026
• CVE-2026-39615WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability5.9Apr 8, 2026
• CVE-2026-2571Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter4.3Mar 19, 2026
• CVE-2026-1666Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter6.1Feb 18, 2026
• CVE-2025-15364Download Manager <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword7.3Jan 6, 2026
• CVE-2025-13498Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure4.3Dec 18, 2025
• CVE-2025-63070WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability4.3Dec 9, 2025
• CVE-2025-12177Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key5.3Nov 8, 2025
• CVE-2025-60093WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability4.3Sep 26, 2025
• CVE-2025-60092WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability5.3Sep 26, 2025
• CVE-2025-10146Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter6.1Sep 19, 2025
• CVE-2025-4367Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode6.4Jun 19, 2025
• CVE-2024-8284Download Manager <= 3.2.98 - Admin+ Stored XSS4.8May 15, 2025