MidnightBSD

Advisories for lester_chan

CVE-2013-2697 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
lester_chan wp-downloadmanager 1.30
lester_chan wp-downloadmanager 1.50
lester_chan wp-downloadmanager 1.40
lester_chan wp-downloadmanager 1.00
lester_chan wp-downloadmanager *
lester_chan wp-downloadmanager 1.31