Download Manager
Shahjada
Developer
3.3.32
Latest version
100,000
Installations
Nov 5, 2025
Last updated
Vulnerability history
0 present
61 fixed
13 Mitigation rules
- Unauthenticated Cron Trigger due to Hardcoded Cron Key vulnerability<= 3.3.307 days ago
- Cross Site Request Forgery (CSRF) Vulnerability<= 3.3.24Sep 26, 2025
- Sensitive Data Exposure Vulnerability<= 3.3.25Sep 26, 2025
- Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability<= 3.3.23Sep 18, 2025
- Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode vulnerability<= 3.3.18Jun 19, 2025
- Admin+ Stored XSS vulnerability<= 3.2.98May 19, 2025
- Authenticated (Author+) Arbitrary File Deletion vulnerability<= 3.3.12Apr 19, 2025
- Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 3.3.12Apr 17, 2025
- Authenticated (Author+) Path Traversal to Limited File Overwrite vulnerability<= 3.3.08Mar 12, 2025
- Unauthenticated Information Disclosure via Unprotected Directory vulnerability<= 3.3.06Mar 8, 2025
- Admin+ Stored XSS vulnerability< 3.3.03Dec 20, 2024
- Broken Access Control vulnerability<= 3.3.03Dec 19, 2024
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 3.3.03Dec 18, 2024
- Improper Authorization to Unauthenticated Download of Password-Protected Files vulnerability<= 3.3.03Dec 18, 2024
- Contributor+ Stored XSS vulnerability< 3.3.00Oct 30, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.2.97Jul 31, 2024
- Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability<= 3.2.86Jun 12, 2024
- Improper Authorization via protectMediaLibrary vulnerability<= 3.2.89Jun 12, 2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 3.2.92Jun 11, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode vulnerability<= 3.2.93Jun 5, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode vulnerability<= 3.2.90May 31, 2024
- File Password Lock Bypass vulnerability<= 3.2.82Apr 12, 2024
- Cross Site Scripting (XSS) vulnerability<= 3.2.84Mar 16, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.2.85Feb 28, 2024
- Missing Authorization vulnerability<= 3.2.84Feb 28, 2024
- Broken Access Controls vulnerability< 3.2.71May 30, 2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.2.70May 15, 2023
- Unauthenticated Sensitive Information Disclosure vulnerability5.0.0-6.2.9Apr 13, 2023
- Contributor+ Stored XSS vulnerability< 3.2.62Dec 20, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.59Nov 29, 2022
- Authenticated PHAR Deserialization vulnerability<= 3.2.49Aug 18, 2022
- Multiple Cross-Site Request Forgery (CSRF) vulnerabilities<= 3.2.48Aug 2, 2022
- Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities<= 3.2.48Aug 2, 2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.48Aug 2, 2022
- Bypass IP Address Blocking Restriction vulnerability<= 3.2.49Aug 1, 2022
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 3.2.46Jul 1, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.43Jun 27, 2022
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.43Jun 27, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.42Jun 7, 2022
- Unauthenticated Brute Force of Files Master Key vulnerability<= 3.2.38Mar 16, 2022
- Sensitive Information Disclosure vulnerability<= 3.2.24Feb 2, 2022
- Authenticated SQL injection (SQLi) vulnerability to Reflected XSS vulnerability<= 3.2.33Jan 12, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 3.2.21Nov 29, 2021
- Stored Cross-Site Scripting (XSS) vulnerability<= 3.2.15Sep 29, 2021
- Email Template Setting Update via Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.12Aug 9, 2021
- Authenticated File Upload vulnerability<= 3.1.24Jul 29, 2021
- Multiple vulnerabilities<= 2.9.96Jun 16, 2019
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 2.9.93Apr 23, 2019
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.9.60Jan 10, 2018
- Authenticated Arbitrary File Upload Vulnerability<= 2.8.97Jun 27, 2017
- Multiple Vulnerabilities<= 2.8.7Jan 19, 2016
- Stored XSS<= 2.7.94Dec 20, 2015
- Authenticated Stored XSS<= 2.7.94Jul 16, 2015
- XSS<= 2.2.2May 15, 2015
- Remote Code Execution<= 2.7.4Dec 15, 2014
- Multiple CSRF and XSS<= 2.0.6Nov 28, 2014
- Privilege Escalation<= 2.7.2Nov 24, 2014
- Arbitrary File Download<= 1.0Nov 4, 2014
- Persistent Cross Site Scripting<= 2.5.8Dec 8, 2013
- CSRF<= 1.60Mar 26, 2013
- Arbitrary File Upload<= 0.2Jul 30, 2008