Description
WordPress Plugin WordPress Download Manager is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WordPress Download Manager version 3.2.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.13 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:115A6FD3-A723-4167-A9A3-379871F13FCB
https://plugins.svn.wordpress.org/download-manager/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP Yelp Review Slider SQL Injection (7.0)
WordPress Plugin Slimstat Analytics Cross-Site Scripting (2.8.4)
Sqlite Other Vulnerability (CVE-2022-46908)
WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4018)