ThreatPress

WordPress Vulnerabilities Database

WordPress Download Manager Plugin <= 2.0.6 - Multiple CSRF and XSS

Product
Download Manager
Description
These vulnerabilities allow attackers to hijack the authentication of administrators for requests that change plugin settings, or to conduct cross-site scripting attacks.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-9129
Versions
Affected In <= 2.0.6
Fixed In 2.0.7
Disclosure date
2014-11-28
Credits
Henri Salo