CVE-2022-36288: WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the W3 Eden Download Manager plugin <= 3.2.48 for WordPress.
Verified
Fixed
CVSS 3.1 score: 5.4 (Medium severity)
PSID: d575770245ca
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A5: Broken Access Control
Publicly disclosed: 2022-08-02
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities leading to stats and cache deletion were discovered by Vlad Vector (Patchstack) in the WordPress Download Manager plugin (versions <= 3.2.48).
Solution
Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49).