Description
WordPress Plugin WordPress Download Manager is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WordPress Download Manager version 3.2.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.13 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:115A6FD3-A723-4167-A9A3-379871F13FCB
https://plugins.svn.wordpress.org/download-manager/trunk/readme.txt
Related Vulnerabilities
Atlassian Jira CVE-2020-14165 Vulnerability (CVE-2020-14165)
WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder SQL Injection (1.29.2)
WordPress Plugin Related Posts Unspecified Vulnerability (5.12.69)
WordPress Plugin DZS Video Gallery Multiple Cross-Site Scripting Vulnerabilities (All)
Magento Insufficient Session Expiration Vulnerability (CVE-2019-8149)