Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: lomiri.lomiri-download-manager

Found 7 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-39615
created 5 days, 22 hours ago
WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.

Affected products

download-manager
  • =<3.3.53

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2026-39676
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 5 days, 22 hours ago
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.

Affected products

download-manager
  • =<3.3.52

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-63070
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 4 months ago
WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32.

Affected products

download-manager
  • =<<= 3.3.32

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-60092
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 4 months, 1 week ago
WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.

Affected products

download-manager
  • =<3.3.24

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-60093
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 months, 1 week ago
WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24.

Affected products

download-manager
  • =<3.3.24

Matching in nixpkgs

Package maintainers

Dismissed
Permalink CVE-2022-45836
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 1 year, 2 months ago by @Erethon Activity log
  • Created automatic suggestion 1 year, 3 months ago
  • @Erethon accepted 1 year, 2 months ago
  • @Erethon dismissed 1 year, 2 months ago
  • @Erethon accepted 1 year, 2 months ago
  • @Erethon dismissed 1 year, 2 months ago
WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.

Affected products

download-manager
  • =<3.2.59

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2024-56217
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 year, 3 months ago
WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability

Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.

Affected products

download-manager
  • =<3.3.03

Matching in nixpkgs

Package maintainers