Cross-Site Request Forgery in CreativeMinds Downloads Manager for WordPress
CVE-2014-9129
Currently unrated
Summary
A cross-site request forgery (CSRF) vulnerability exists in the CreativeMinds CM Downloads Manager plugin for WordPress, affecting versions prior to 2.0.7. It allows a remote attacker to abuse an administrator's authenticated session to submit malicious requests, particularly through the addons_title parameter on the CMDM_admin_settings page. Such requests can be used to carry out cross-site scripting (XSS) attacks, compromising the security of the WordPress environment.
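The mitigation pattern for the issue described above, as an added example that is neither the plugin's own code nor the vendor's actual fix: the settings form carries a WordPress nonce, the save handler rejects any request without a valid one, and addons_title is sanitized on input and escaped on output. The function, constant and option names prefixed cmdm_example_ are hypothetical.

```php
<?php
// Added example. Names prefixed cmdm_example_ / CMDM_EXAMPLE_ are hypothetical
// and do not come from the plugin.

const CMDM_EXAMPLE_NONCE_ACTION = 'cmdm_example_save_settings';
const CMDM_EXAMPLE_NONCE_FIELD  = 'cmdm_example_nonce';
const CMDM_EXAMPLE_OPTION       = 'cmdm_example_addons_title';

// Render the settings form with a nonce bound to the current user and action.
function cmdm_example_render_settings_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $title = get_option( CMDM_EXAMPLE_OPTION, '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=CMDM_admin_settings' ) ); ?>">
        <?php wp_nonce_field( CMDM_EXAMPLE_NONCE_ACTION, CMDM_EXAMPLE_NONCE_FIELD ); ?>
        <!-- esc_attr() keeps a stored value from breaking out of the attribute -->
        <input type="text" name="addons_title" value="<?php echo esc_attr( $title ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler: a request forged from another origin has no valid nonce
// and is rejected before anything is written.
function cmdm_example_save_settings() {
    $method = isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : '';
    if ( 'POST' !== $method || ! isset( $_POST['addons_title'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request with an error page if the nonce is missing or invalid.
    check_admin_referer( CMDM_EXAMPLE_NONCE_ACTION, CMDM_EXAMPLE_NONCE_FIELD );

    // Strip tags and control characters before storing the value.
    $title = sanitize_text_field( wp_unslash( $_POST['addons_title'] ) );
    update_option( CMDM_EXAMPLE_OPTION, $title );
}
add_action( 'admin_init', 'cmdm_example_save_settings' );
```

The nonce check closes the CSRF path, and the sanitize and escape calls limit the impact if a value reaches storage by some other route.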