Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lester_chan | wp-downloadmanager | 1.30 |
| lester_chan | wp-downloadmanager | 1.50 |
| lester_chan | wp-downloadmanager | 1.40 |
| lester_chan | wp-downloadmanager | 1.00 |
| lester_chan | wp-downloadmanager | * |
| lester_chan | wp-downloadmanager | 1.31 |