Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-34658: Download Manager

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

CVE
#sql#xss#vulnerability#web#ios#android#windows#google#microsoft#apache#js#git#wordpress#php#perl#pdf#auth#ssl
  • Details
  • Reviews
  • Installation
  • Support
  • Development

WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. Use Passwords, User Roles to control access to your files, control downloads by speed or by putting a limit on download count per user, block bots or unwanted users or spammers using Captcha Lock or IP Block feature, you may also ask users to agree with your terms and conditions before they download.

Also, you may use WordPress Download Manager as a complete e-Commerce Solution for selling digital products. Simply put a price when you need to sell a digital item. You also may use license ( ex: Simple, Extended, Unlimited ) based prices for a product. Users can directly download free items and when an item has a price user will have to go through cart & checkout. WordPress Download Manager has the easiest checkout option to give the user better experience in purchasing an item and which always increase the probability of successful completion of an order.

Features

  • Custom post type and taxonomy, adding a download is just like creating a post
  • Drag and Drop File Upload
  • Chunk upload support to override http max upload limit
  • Attach file directly from your server using server file browser
  • Media library file protection
  • Integrated document viewer ( DOC, PDF and POWERPOINT )
  • Quick add panel with tinymce editor button to create and insert a download easily when you are editing a post or page
  • Google Drive support to store your files in Google drive ( 15 GB of space for free)
  • DropBox support to store your files in DropBox ( 2 GB of space for free )
  • Box.com support to store your files in Box.com ( 10 GB of space for free )
  • OneDrive support to store your files in onedrive.live.com ( 15 GB of space for free )
  • Option to “Open in Browser” or “Download” files ( PDFs or images )
  • Control who can access to download
  • Category level access control
  • Download speed control
  • Password protection
  • CAPTCHA protection
  • IP block option to prevent bot downloads or downloads from unwanted IP addresses
  • Download logs to check who is downloading which file from where and when
  • Terms protection – Agree with Terms & Conditions before download
  • Download counter to see total download count for each file
  • Custom download link icon
  • File type icon support
  • Full Featured User Dashboard ( use short-code [wpdm_user_dashboard] )
  • Custom front-end login / signup form short-code
  • Custom oEmbed template
  • Responsive DataTable support ( use short-code [wpdm_all_packages jstable=1 items_per_page=20] )
  • Searching and Sorting Option
  • Custom link label
  • Short-code for download link
  • Short-code for direct link to downloadable file [wpdm_direct_link id=file_id_required link_label=any_text_optional]
  • Widget for new files
  • Widget for top downloads
  • Widget for searching downloads
  • Multi-level Categories
  • Custom TinyMce Button
  • Category embed short-code
  • Advanced server file browser
  • Complete category and file tree using a simple short-code [wpdm_tree]
  • MP4 video upload and play support
  • Video file download protection, allow visitors to play but block download
  • Translation Ready

Digital Asset Manager

  • Server file manager
  • Create new file and folder easily
  • Move, copy, edit files
  • Integrated file editor with syntax highlights
  • Asset shortcode to embed a file/asset easily in a page or post
  • Upload, Download and Delete operations
  • Video and audio preview/play

Digital Asset Manager ( Pro Features )

  • File tagging
  • Sharable link generator
  • Bookmarking, Comments and discussions
  • Front-end asset management
  • Custom asset meta data
  • Asset archive and version management

Complete Digital Store Solution:

Use Premium Package – Complete Digital Store Solution Add-on (free) if you need to sell your digital items. The add-on has all features you will ever need to build a perfect online shop for your digital downloads:

  • Single Click Activation ( Auto-install & Activate )
  • Sell Digital Products Securely
  • Easy Administration
  • PayPal Integrated
  • User-role Based Discount Management
  • Coupon Management
  • Sales Tax
  • Save Cart and Checkout Later
  • Email Saved Cart
  • Product & Price Variations ( License Based Pricing / Sell Extra Gigs with Product )
  • Promotional Pricing for Your Digital Products
  • “Pay As You Want” pricing
  • Invoice Generation
  • Easiest Checkout System
  • Guest Checkout and Guest Download
  • Order expiration option ( Like 1 year support & update access, then expire )
  • Auto-renew order option ( Accept Recurring Payment for Orders )
  • Easy Order Management
  • Sales Notifications via Email
  • Sales Notification Directly in Your Mobile with Push Message
  • Very Detailed Sales Reports
  • Order Notes & Messaging System
  • Extended Product Licensing System
  • License Level Pricing
  • Easy to implement license API for license system integration
  • Full-featured Digital Products Marketplace with Front-end product submission & payout management ( This Feature Requires WPDM v4+ )
  • Sell individual files ( like single song from an album ) ( This Feature Requires WPDM v4+ )
  • and much more…

Gutenberg Blocks

  • Gutenberg Blocks for gutenberg editor
  • Gutenberg Blocks and Page Layouts – Attire Blocks

Elementor Addons

  • Download Manager Addons for Elementor – Use the plugin if you are using Elementor Website Builder. The plugin provides elementor addons for all wordpress download manager shortcodes you were writing manually.

Google Drive

Use Google Drive Explorer add-on ( free ) to store your files in google drive and link with download manager, get 15 GB free storage space and save your server bandwidth

DropBox

Use DropBox Explorer add-on ( free ) to store your files in dropbox and link with download manager, get 2 GB free storage space and save your server bandwidth

Box.com

Use Box.com Explorer add-on ( free ) to store your files in Box.com and link with download manager, get 10 GB free storage space and save your server bandwidth

OneDrive

Use OneDrive Explorer add-on ( free ) to store your files in Microsoft OneDrive and link with download manager, get 15 GB free storage space and save your server bandwidth

Add-ons

Download and Install following free add-on to add additional features as per your need

  • Advanced Tiny-Mce Button for editor button to generate short-codes
  • Extended Short-codes for tree view ( [wpdm_tree] ), slider ( [wpdm_slider] ) & carousel ( [wpdm_carousel] )
  • WPDM Image Button to replace download link label with a custom designed image
  • WPDM Button Templates for pre-designed colorful button styles

Mobile Apps

Check download stats and get a push notification when someone downloads, install:

  • WPDM API – install this add-on on your site and configure API key
  • WPDM for Abdroid – Install the app on your android phone
  • WPDM for iOS – Check download and sales stats directly from your iPhone or iPad

Free Themes

  • Attire – perfect theme for any site like blog, portfolio, photography, stock image, music, video archive, software download directory, ecommerce, and it is free.

More Themes & Add-ons

  • Add-ons – 100+ add-ons
  • Themes – Themes Specially Optimized for Download Manager
  1. Upload download-manager to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

Excellent plugin for managing and tracking file downloads…

Good plugin. It meets my need. Thanks.

The plugin is buggy, a lot of issues need to fix. The mail notifications to users don’t work, I cannot add some kind of pdf file to the package, I can add empty package (???), search engine don’t show private packages to the relative member, I delete the package but when I reload the page I find again the package deleted, the list of the packages is not shown properly because sometimes the first pages are empty and you find the package in the fourth or five page (???), many strings are not translated yet and I can continue… I asked their help in the forum but the support is not so good and in some case they marked as resolved thread still not fixed. I installed this plugin with all my good intentions but it was a nightmare. UDPATE REVIEW: Finally their support is more present, they reply and help me in very good way. Many issues are fixed and now I can use this plugin in good way for my work. This plugin has a lot of potential because have a lot of features thanks to add-on as well. The important is that the support is ready to help, like now, and improve this plugin according user’s needs. Now I can say I am very satisfied and I hope to continue in this ways. Thanks a lot!

They add you into a subscription for autorenewal without warning and then have a week before policy to cancel. They also do not make it easy to contact them to cancel autorenewal either!!! Then, you have to jump through hoops to cancel. Just use another plugin. I tried it and it really didn’t work for me and then they just renewed my "subscription". The only contact I got from them was a receipt.

With the minimum options it is enough to have a good download manager with login for users; good support in the forum.

Cumple con lo que necesito

Read all 897 reviews

“Download Manager” is open source software. The following people have contributed to this plugin.

Contributors

3.2.54 – 2022.08.22

  • Improved asset manager
  • Updated font awesome
  • Fixed a few input sanitization and escape output issues

3.2.53 – 2022.08.03

  • Fixed an issue with the REQUEST_URI sanitization in modal login form

3.2.52 – 2022.07.28

  • Fixed an issue with the insert url option

3.2.51 – 2022.07.27

  • Revalidated attached file to avoid any blocked file type attachment

3.2.50 – 2022.07.26

  • Added option to allow/disallow proxy IP, disallowed by default

3.2.49 – 2022.07.06

  • Fixed several Authenticated Persistent XSS Issues, special thanks to m0ze

3.2.48 – 2022.07.03

  • Improved admin UI
  • Rechecked code and fixed 2 issues with esc attr

3.2.47 – 2022.06.30

  • Fixed input filtering issue with the Insert URL option

3.2.46 – 2022.06.29

  • Fixed input filtering issue with the Insert URL option

3.2.45 – 2022.06.23

  • Internal codebase update

3.2.44 – 2022.06.23

  • Improved email template options
  • Internal codebase improvements
  • Fixed 2 input sanitization issues with download history and login form template

3.2.43 – 2022.06.02

  • Fixed an input sanitization issue with shortcode iframe

3.2.42 – 2022.05.31

  • Compatibility update for WordPress 6.0
  • Improved asset manager
  • Improved default email template
  • Improved stats and history

3.2.41 – 2022.05.04

  • Improved select2 ui
  • Fixed an issue with template path detection
  • Fixed the password validation issue with the password lock
  • Fixed ssl error issue with the QR code template tag
  • Fixed the file download issue for the files when file name starts with space

3.2.40 – 2022.04.12

  • Fixed an issue with the password reset form

3.2.39 – 2022.03.14

  • Improved master key option
  • Fixed an issue with the css variable for Google web font

3.2.38 – 2022.03.08

  • Improved all downloads table, added support for wpdm acf add-on

3.2.37 – 2022.02.17

  • Compatibility update for wp 5.9
  • Improved admin options
  • Fixed an issue with the category shortcode

3.2.36 – 2022.02.02

  • Adjusted a backward compatibility issue for older php version
  • Fixed several variable escaping issues

3.2.35 – 2022.01.25

  • Fixed an issue with the password validation

3.2.34 – 2022.01.11

  • Fixed data sanitization issue on stats page
  • Optimized json api calls

3.2.33 – 2022.01.11

  • Codebase optimization
  • Changed name from WordPress Download Manager to Download Manager

3.2.32 – 2021.12.21

  • Fixed a wpdm add-on compatibility issue

3.2.31 – 2021.12.21

  • Improved input sanitization options

3.2.30 – 2021.12.27

  • Improved input sanitization options

3.2.29 – 2021.12.24

  • Fixed an undefined index notice on download page

3.2.28 – 2021.12.24

  • Fixed several input sanitization issues

3.2.27 – 2021.12.20

  • Improved add-ons page

3.2.26 – 2021.12.09

  • Adjusted some data sanitization issues

3.2.25 – 2021.12.06

  • Improved admin ui

3.2.24 – 2021.11.26

  • Fixed file path issue for wpdm-admin.js

3.2.23 – 2021.11.25

  • Fixed some sanitization issues
  • Removed chosen js library, using select2 now

3.2.22 – 2021.11.24

  • Fixed a security issue with the email template editor

3.2.21 – 2021.11.23

  • Added option to delete file from server
  • Improved admin UI
  • Fixed an issue with temp storage option

3.2.20 – 2021.10.24

  • Added function to clear temp storage and clear session data with Clear All Cache Button
  • Improved ui options

3.2.19 – 2021.10.21

  • Fixed an issue with cache storage setting

3.2.18 – 2021.10.06

  • Remove mbstring dependency

3.2.17 – 2021.10.06

  • Fixed a sanitization issue with the wpdm client cookie
  • Fixed js undefined variable issue with the modal login form

3.2.16 – 2021.09.27

  • Fixed an issue with the pagination function
  • Improved UI class
  • Improved category and packages shortcode
  • Fixed package sorting issue with the category and package shortcode
  • Fixed RTL layout issue with wpdm admin settings page

3.2.15 – 2021.08.18

  • Improved session manager class
  • Fixed an issue with with asset access checking function
  • Fixed an issue with the WidgetController class

3.2.14 – 2021.08.16

  • Fixed an issue with template file detection in child theme
  • Fixed file delete option with the asset manager

3.2.13 – 2021.08.04

  • Fixed a security issue around email template function
  • Fixed an issue with the wpdm tag query
  • Fixed site url tag issue with the email message

3.2.12 – 2021.07.26

  • Fixed an issue with recaptcha lock
  • Fixed an issue with the text domain

3.2.11 – 2021.07.15

  • Fixed an naming conflict with an widget
  • Added 2 new filter hooks wpdmpro_single_main_query and wpdmpro_single_main_loop to resolve file page rendering issue outside of main loop/query

3.2.10 – 2021.07.14

  • Fixed an issue with plugin update notice

3.2.09 – 2021.07.14

  • Improved query class
  • Fixed issue with text domain in login form template & edit profile template

3.2.08 – 2021.07.12

  • Fixed an issue with the file type icon
  • Added a new filter hook wpdm_file_type_icon
  • Fixed issue with widget namespace
  • Fixed an issue with tag query

3.2.07 – 2021.07.09

  • Restored default link template to link-template-default
  • Restored wpdm file url slug to download

3.2.06 – 2021.07.08

  • Fixed an issue with the doc viewer

3.2.05 – 2021.07.07

  • Fixed the issue with the reCaptcha lock
  • Fixed icon issue with the all files table

3.2.04 – 2021.07.06

  • Fixed thumbnail issue with link-template-bsthumnail
  • Added option to hide admin notice for add-on update
  • Fixed an issue with the Top Downloads widget

3.2.03 – 2021.07.05

  • Fixed the issue with the file duplicate option

3.2.02 – 2021.07.05

  • Re-added missing link and page templates

3.2.01 – 2021.07.05

  • Fixed an issue with file listing

3.2.00 – 2021.07.04

  • Rebuilt codebase from the ground
  • Refreshed UI
  • Improved asset manager
  • Custom taxonomy ( wpdmtag ) as download/file tag

3.1.28 – 2021.06.07

  • Fixed file upload issue with the asset manager
  • Fixed an issue with the password lock option

3.1.27 – 2021.05.07

  • Fixed an issue with file type validation in file download function

3.1.26 – 2021.05.07

  • Improved file type validation function

3.1.25 – 2021.05.05

  • Fixed an security issue with link/page template file path, thanks for Wordfence for pointing the issue.

3.1.24 – 2021.05.01

  • Fixed an issue with user downoad count table creation
  • Fixed and issue with stats filtering options

3.1.23 – 2021.04.27

  • Improved asset manager

3.1.22 – 2021.04.22

  • Fixed settings save issue with plugin update settings

3.1.21 – 2021.04.21

  • Fixed an issue with server file picker

3.1.20 – 2021.04.20

  • Fixed an issue with asset manager dir explorer

3.1.19 – 2021.04.20

  • Fixed 3 security issues and improved security with file upload, asset manager access, settings options. Special thanks to WPScan and Darius Sveikauskas for pointing those issues.

3.1.18 – 2021.04.16

  • Fixed an issue with the file copy/duplicate option

3.1.17 – 2021.04.08

  • Adjusted shortcode column, removed the popup trigger button and reinstated the preview text field showing the shortcode

3.1.16 – 2021.03.23

  • Fixed the issue with the password reset form
  • Fixed 2 undefined variable notice in class.Package.php
  • Fixed 1 undefined variable notice in class.Email.php

3.1.15 – 2021.02.24

  • Fixed an issue user agent detection
  • Added new option to duplicate downloads
  • Improved shortcode column
  • Improved Query class

3.1.14 – 2021.02.09

  • Fixed an issue with the file size function
  • Fixed an issue with UI selection option

3.1.13 – 2021.01.28

  • Fixed an issue with the terms lock
  • Fixed an UI issue with the asset manager file editor

3.1.12

  • Improved terms lock option
  • Added zip and unzip option with the asset manager
  • Extended download history feature

3.1.11

  • Improved asset manager
  • Fixed the issue with displaying download count
  • Fixed the date format issue with download history

3.1.10

  • Improved email class, added support for custom tags in email to add user meta and REQUEST data

3.1.09

  • Improved Crypt class
  • Fixed an issue with the category shortcode

3.1.08

  • Fixed an issue with the login form parameter handling

3.1.07

  • Fixed a security issue ( Thanks to Austin Turecek, security research from Flashpoint )

3.1.06

  • Compatibility update for WordPress 5.5

3.1.05

  • Fixed an issue with the view counter
  • Fixed an issue with modal popup

3.1.04

  • Fixed an issue with the media library file protection
  • Optimized frontend UI

3.1.03

  • Fixed an issue with the login form captcha validation
  • Added options to enable/disable login/register form captcha from basic settings
  • Improved search widget

3.1.02

  • Added new option to mask/unmask download link
  • Fixed issue with the class.ShortCode.php, added a missing method

3.1.01

  • Fixed an issue with class.UI.php

3.1.0

  • Fixed the issue with PHP 5.6 compatibility

3.0.99

  • Fixed the issue with terms lock
  • Fixed the issue with reCaptcha overlap between modal login form and signup form
  • Fixed the style issue with the all downloads table

3.0.98

  • New options to customize category page styles
  • Improved register and login form shortcodes
  • Improved data table view

3.0.97

  • Improved asset manager
  • Fixed an issue with category handler
  • Fixed an issue with Package Info widget

3.0.96

  • Fixed an issue with file extension check
  • Improved admin UI

3.0.95

  • Fixed an issue with the PDF viewer

3.0.94

  • Fixed a notice due to undefined constant WPDM_USE_GLOBAL

3.0.93

  • Introduced a new constant to disable asset manager, need to add define('WPDM_ASSET_MANAGER’, false); in wp-config.php
  • Fixed a warning with category access check method

3.0.92

  • Fixed an issue with the font awesome enqueue

3.0.91

  • Fixed special char issue with the password lock
  • File attachment from file picker changed to relative path from absolute path to avoid file path issue after moving to another server
  • Improved package info widget

3.0.9

  • Added new mail template for new use signup admin notification
  • Compatibility update for PHP 7.4
  • Added modal login form

3.0.8

  • Fixed attached file path issue with the server file picker

3.0.7

  • Added server file picker feature
  • Added media library file protection feature

3.0.6

  • Added custom icon support for data table
  • Added new option to attach file from media library
  • Added audio player option
  • Added new link template with audio play button
  • Added new page template with audio player

3.0.5

  • Improved asset manager
  • Improved frontend UI

3.0.4

  • Compatibility update for WordPress 5.3
  • Fixed a CSS issue wit the UI settings

3.0.3

  • Fixed a translation issue with the template files
  • Fixed am issue with oEmbed function
  • Fixed an issue with direct link shortcode parameter
  • Fixed an issue with email template save function

3.0.2

  • Improved asset manager root directory option
  • Improved stats export options
  • Fixed file sorting issue with all downloads table

3.0.1

  • Fixed an issue with file browser root dir in windows server
  • Adjusted asset manager access to site admins

3.0.0

  • Asset awesome new option for asset management
  • Fixed an issue with the terms lock

2.9.99

  • Fixed an char encoding issue with server file browser path

2.9.98

  • Fixed an issue with google drive file download
  • Fixed an issue with login required message

2.9.97

  • Fixed input sanitization issue with email template and package settings

2.9.96

  • Compatibility update for WordPress 5.2
  • Improved user dashboard area

2.9.95

  • Fixed an issue with the captcha lock

2.9.94

  • Sanitized user inputs with category shortcode

2.9.93

  • Improved session management

2.9.92

  • Fixed issued with the password reset form
  • Fixed the conflict with health check plugin

2.9.91

  • Fixed an issue with email template edit
  • Improved UI settings
  • Fixed invalid input issue with package settings

2.9.90

  • Fixed an issue with settings page tab load

2.9.89

  • Fixed the issue with saving settings

2.9.88

  • Compatibility update for WordPress 5.1

2.9.87

  • Fixed an issue with wpdm_direct_link shortcode
  • Fixed an issue with session class namespace
  • Fixed an issue with signup form

2.9.86

  • Fixed the issue with cache dir creation

2.9.85

  • Fixed the conflict with the wordpress plugin/theme editor
  • Moved cache directory outside of plugins dir
  • Added new option to customize download button styles easily

2.9.84

  • Updated sign up and login form
  • Updated email templates

2.9.83

  • Added email template editor ( option to customize all email messages and templates send from wpdm )

2.9.82

  • Improved search shortcode
  • Fixed text domain issue with registration form
  • Fixed a redirection issue with the login form
  • Option to enable/disable Google Fonts

2.9.81

  • Changed Font Awesome enqueue ID
  • Added some missing file type icons

2.9.80

  • Fixed an issue with the font awesome enqueue

2.9.79

  • Compatibility update for gutenberg
  • Updated font awesome

2.9.78

  • Fixed an issue with category access
  • Fixed SQL issue in download history page

2.9.77

  • Fixed the icon size issue with link template
  • Updated crypt class
  • Updated category access settings

2.9.76

  • Fixed the issue with pagination class name

2.9.75

  • Improved video file protection, now you can allow user to play/view video but block download
  • Improved UI

2.9.74

  • Moved privacy settings to a separate settings tab
  • Added option to delete download history when users close accounts
  • Added option to empty cache dir

2.9.73

  • Added new option to skip from download stats for GDPR compliance

2.9.72

  • Fixed an issue with file name sanitization
  • Fixed an issue with video play
  • Updated font awesome

2.9.71

  • Added new option to use category icon/image
  • Improved fields ( title, page_link ) with all downloads table
  • Fixed compatibility issue with Form Lock Add-on

2.9.70

  • Updated add-on manager
  • Added new fields ( author_name, author_pic ) for all downloads table
  • Fixed issue with master key reset

2.9.69

  • Fixed the issue with reCaptcha lock

2.9.68

  • Fixed the issue with autoloader

2.9.67

  • Fixed the warning “Illegal string offset…” with class.DownloadStats.php
  • Improved the default page template

2.9.66

  • Fixed the issue with stats class

2.9.65

  • Added new file type icons
  • Fixed the issue with download popup
  • Fixed the issue with autoload class
  • Fixed deprecated function issue in widget.php

2.9.64

  • Added missing media streaming class on last update

2.9.63

  • Fixed download popup display issue in mobile devices
  • Fixed an issue with video streaming
  • Added missing translations in login form template
  • Fixed missing columns data issue with all downloads table

2.9.62

  • Auto-clear file size field after uploading new file or deleting current file
  • Added new parameter with all downloads shortcode to customize columns
  • Improved lock option display
  • Fixed issue with multiple reCaptcha on same page

2.9.61

  • Fixed a minor security issue with add-on installation

2.9.60

  • Fixed date sorting issue with all downloads shortcode

2.9.59

  • Compatibility update for WordPress 4.9
  • Improved page templates

2.9.58

  • Added support for chunk upload
  • Fixed template file path issue
  • Improved UI
  • Added multiple password support

2.9.57

  • Added new option to attach external URL as download link
  • Added translation support for page templates
  • Added mp4 video upload and play support
  • Added new page template for video file
  • Hide empty fields from page template automatically

2.9.56

  • Added new page template for the files with price
  • Fixed issue with stat export

2.9.55

  • Added various filter option on download stats
  • Added stats export option
  • Removed enqueued scripts and styles from admin pages where it is not necessary
  • Improved add-on page

2.9.54

  • Fixed issue with captcha verify
  • Fixed issue with private file download
  • Fixed issue with tag archive page
  • Improved admin UI

2.9.53

  • Fixed the issue with download history clear button
  • Fixed the issue with datatable sorting
  • Fixed issue with search widget
  • Recoded search result shortcode ( [wpdm_search_result] )
  • Fixed the issue with signup email

2.9.52

  • Compatibility release for WordPress 4.8
  • Fixed issue with input data formatting

2.9.51

  • Added IP block option to prevent bot downloads or downloads from unwanted IP addresses
  • Fixed issue with redirection after login
  • Fixed issued with master key reset on product update

2.9.50

  • Added new page template to show terms and conditions in a modal popup
  • Added new link template to show terms and conditions in a modal popup
  • Fixed issue with signup page
  • Fixed issue with page template dropdown

2.9.49

  • Fixed a compatibility issue with PHP7

2.9.48

  • Fixed issue with direct download link

2.9.47

  • Added new toolbar style for category short-code ( toolbar=”skinny” )
  • Added target=_blank option with direct link short-code
  • Added users’ name with download hostory

2.9.46

  • Fixed CSS conflict ( at front.css )
  • Added nonce check with settings form
  • Blocked unwanted file type upload
  • Added new action wpdm_before_upload_file
  • Added new filter wpdm_after_upload_file

2.9.45

  • Fixed issue with textdoamin
  • Fixed issue with category access settings

2.9.44

  • Fixed the issue with add-on update notice

2.9.43

  • Fixed issued with add-on update
  • Fixed issue with add-on page
  • Added missing email templates

2.9.42

  • Add new short-code template ( link-template-bsthumnail )
  • Improved category short-code
  • Fixed issue with password lock option

2.9.41

  • Added page template selection option
  • Added Terms and Conditions option
  • Improved admin UI

2.9.4

  • Fixed issue with empty download
  • Added option to clear all download history

2.9.3

  • Compatibility release for WordPress 4.7
  • Fixed sort by date issue with all downloads table
  • Fixed several issues with translation strings
  • Improved admin UI

2.9.2

  • Added new field in package setting to add file size manually for remote files
  • Fixed 3 warnings at class.Apply.php

2.9.1

  • Added Download History Page
  • Improved Admin UI

2.9.0

  • Compatibility release for WordPress 4.6
  • Fixed a notice in reg form template

2.8.99

  • Added CAPTCHA with signup form
  • Fixed issue with redirection after user registration
  • Added option to enable/disable auto login after user registration
  • Show/Hide Password field in user registration form

2.8.98

  • Fixed issues with icon path
  • Updated short-code [wpdm_login_form], use [wpdm_ligin_form signup=1] to show login + signup form

2.8.97

  • Fixed issue with attached file delete
  • Fixed issue with reg form
  • Fixed issue with login form

2.8.96

  • Added new option for login form
  • Improved signup form
  • Improved dashboard short-code, added parameter to control login/signup form and recommended downloads
  • Added option to control dashboard url structure

2.8.95

  • Removed function get_currentuserinfo

2.8.94

  • Compatibility release for WordPress v4.5

2.8.93

  • Fixed issue with unexpected char before filename ( “File Missing Error!” )
  • Fixed issue file deletion.
  • Fixed a notice with password lock option
  • Adjusted add to cart link in all downloads page

2.8.92

  • Fixed issue file browser (was showing “Not Allowed!” message)

2.8.91

  • Added support for OneDrive
  • Improved Download Info widget
  • Improved all downloads short-code for premium files
  • Fixed issue with user signup in class.Apply.php
  • Fixed issue with widgets

2.8.9

  • Removed jquery.cookie.js file
  • Fixed issue with add-on update from Settings >> Updates tab

2.8.8

  • Fixed SECURITY issue with update profile function ( Special Thanks to James Golovich )
  • Fixed “array-intersect” warning with server file browser option

2.8.7

  • Fixed SECURITY issue with update file function
  • Fixed notice in class.Package.php
  • Fixed notices in Settings >> Updates tab
  • Fixed notices with dashboard widget

2.8.6

  • Fixed issue with invalid functions ( license check )

2.8.5

  • Fixed the “missing function” warning on plugin activation

2.8.4

  • Added CAPTCHA lock
  • Improved UI
  • Added new link template
  • Improved Codebase

2.8.3

  • Fixed issue with tree view, added missing functions
  • Compatibility released for WordPress v4.4
  • Enabled category page
  • Activated all features for Premium Package ( Guest Order, Guest Download, Order Notes, Save & Email Cart )

2.8.2

  • Added category widget
  • Updated link template “Default Template (Extended)” to show file description
  • Updated recommended download section in user dashboard
  • Fixed critical issue with URL rewrite for user dashboard
  • Fixed issue with icons
  • Fixed alt tag issue with icons and thumbnail

2.8.1

  • Added new option to enable/disable font awesome
  • Optimized user dashboard
  • Added missing file type icons

2.8.0

  • Fixed issue with file attachment
  • Added New Short-code User Dashboard
  • Added Download History Page

2.7.96

  • WordPress v4.3 compatibility release
  • Added missing hook in basic settings section

2.7.95

  • Added new option for sanitizing file names to avoid illegal chars
  • Fixed issue with open with browser option
  • Fixed issue with file type icons selection for all files short-code
  • Fixed issue with order expiration check
  • Fixed issue with purchased items access at front-end
  • Added new option to recalculate total sales of a product

2.7.94

  • Fixed an issue with shop activation
  • Added missing strings in language file
  • Updated datatable js

2.7.93

  • Fixed login issue with order page

2.7.92

  • Fixed security issue with dir file browser

2.7.91

  • Added “Open in Browser” option
  • Removed apache_setenv function
  • Fixed issue with CURLOPT_FOLLOWLOCATION
  • Added one click digital store activation option

2.7.90

  • Fixed an issue with settings api
  • Added support to selling downloads

2.7.89

  • Added Box.com Support
  • Fixed icon selection issue

2.7.88

  • Improved icon option
  • Added dropbox support
  • Improved google drive file attachment option

2.7.87

  • Fixed issue with output buffering option
  • Fixed issue with broken pdf download ( was only happening in few installations )
  • Fixed issue with Google Drive file attachment
  • Fixed issue with Google Drive file download

2.7.86

  • Fixed issue with password locked files for double link in the same page
  • Added new option for disabling output buffering, no more broken downloads
  • Google Drive support to store your files in Google drive

2.7.85

  • Added new option to reset file browser base dir
  • Added new widget for searching downloads
  • Adjusted some css to resolve conflict with some themes

2.7.84

  • Added upload restriction unwanted file types for better security

2.7.83

  • Added update check option for add-ons
  • Optimized for iOS app ( iOS app is available now )
  • Updated font awesome
  • Updated api for settings fields

2.7.82

  • Updated download speed option
  • Regrouped settings page
  • Updated missing text in po file

2.7.81

  • WordPress v4.1 compatibility release

2.7.8

  • Fixed issue with resumable download option
  • Added missing string in .po file
  • Fixed issue with bootstrap settings selection
  • Added items per page option with all downloads table

2.7.7

  • Fixed data table issue
  • Fixed wpdm_hotlink short-code issue
  • Fixed issue with login require message

2.7.6

  • Added new option to control server file browser access
  • Fixed issue with cookie ( removed cookie usage totally )

2.7.5

  • Fixed a security issue
  • Optimized inline js code to avoid conflict
  • Fixed download link for members only files
  • Added add-ons menu

2.7.4

  • Fixed issue with icon view
  • Fixed issue with db table checking for old version compatibility
  • Optimized link template css to resolve some theme conflict

2.7.3

  • Added missing template for category short-code

2.7.2

  • Updated Add-on Installer
  • Re-added widgets
  • New Link template added

2.7.1

  • Fixed jquery issue
  • Added 3 link templates
  • Upgraded category short-code view

2.7.0

  • Moved to Custom Post Type
  • Upgraded Access setting to allow role based access
  • Added support for add-on usage
  • More extensive SEO support
  • Translation Ready

2.6.96

  • Upgraded server file browser option to control access
  • Fixed minor issues

2.6.95

  • Fixed a few notices in add new file page
  • Fixed issue with output buffering

2.6.94

  • Upgraded tinymce button add-on
  • Fixed some notices

2.6.93

  • Fixed security issue with update file
  • Fixed security issue with delete file

2.6.92

  • Compatibility release for WordPress 4

2.6.91

  • Compatibility release for WordPress 3.9.2
  • adjusted a minor issue with download url
  • Fixed 3 minor issues from add new file window

2.6.9

  • Adjusted a string formatting issue in edit file window
  • adjusted download url, trimmed “=”

2.6.8

  • Adjusted some notices and deprecated functions

2.6.7

  • Security bug fixed
  • Fixed an output buffering issue

2.6.6

  • Adjusted some minor issues from the previous version

2.6.5

  • Added new option to control tinymce button visibility

2.6.4

  • Fixed issue with quick add window

2.6.3

  • Fixed issue with delete single item

2.6.2

  • Fixed an issue with category short-code pagination

2.6.1

  • Compatibility release for WordPress 3.9

2.6.0

  • Added new option for setting up server file browser base dir.

2.5.99

  • Fixed issue with multiple package delete
  • Fixed issue with show/hide counter

2.5.98

  • added “items_per_page” parameter with category short-code

2.5.97

  • Updates file missing code
  • Fixed redirection issue after creating new package

2.5.96

  • Fixed issues with category short-code
  • Fixed issue with tinymce button for category short-code

2.5.95

  • Adjusted sorting option for category short-code
  • You can use now [wpdm_category id=cid order_field=”field_name” order=”desc/asc”]

2.5.94

  • Fixed HTTP response code for download page

2.5.93

  • Added validation for input data
  • Updated settings page
  • Fixed access level issue

2.5.92

  • Applied sanitize file name for cached file

2.5.91

  • regular maintenance and compatibility release for wp 3.8

2.5.9

  • Fixed input validation issue

2.5.8

  • Adjusted 3 minor issues with input validation and notice display.

2.5.7

  • Adjusted some minor issues ( notices )

2.5.6

  • Fixed category id issue for non-ascii chars

2.5.5

  • Fixed data validation issue

2.5.4

  • Fixed an issue with quick add option

2.5.3

  • regular maintenance and compatibility release for wp 3.7

2.5.2

  • Updated tinymce button, added selection option for additional short-codes

2.5.1

  • Fixed conflict with nextgen gallery

2.5.0

  • Fixed issue with category id for utf8 charset
  • Fixed issue with file title

2.4.9

  • Fixed an issue with tinymce button

2.4.8

  • Compatibility update for wp 3.6
  • Adjusted minor css issue

2.4.7

  • added title and description support to category short-code

2.4.6

  • Added stripslashed for title and description
  • Upgraded some internal css

2.4.5

  • Fixed the issue with tinymce button

2.4.4

  • Upgrade tinymce button feature, added quick add option

2.4.3

  • Fixed issue with categories
  • Fixed Download Limit Issue

2.4.2

  • Added icon support for category short-code

2.4.1

  • Upgraded category sort-code

2.4.0

  • Fixed members download issue

2.3.9

  • Fixed the issue with “fread”

2.3.8

  • Adjusted broken file issue

2.3.7

  • Upgraded new download widget

2.3.6

  • Upgraded tree view

2.3.5

  • Optimized ui and some internal code for better experience
  • Fixed tree view short-code issue

2.3.4

  • Fixed file save issue with v2.3.3
  • Fixed issue with download monitor import

2.3.3

  • added search functionality in admin
  • added individual icon support
  • added new short-code for all download using datatable.js, with sorting and searching option

2.3.2

  • Fixed a minor issue with uploader

2.3.1

  • Optimized for wp 3.5
  • Upgraded file upload option
  • Adjusted file delete issue
  • Upgraded content formatting

2.3.0

  • Fixed category pagination issue
  • Fixed category count issue
  • Fixed ‘facebook’ css class issue
  • Fixed file delete option

2.2.9

  • Added new short-code [wpdm_tree] to show all files and categories in tree format
  • Fixed image issue with file description
  • Fixed subcategory edit issue

2.2.8

  • Fixed a minor database issue with file list

2.2.7

  • Fixed server file browser issue

2.2.6

  • Adjusted enqueue script issue

2.2.5

  • Fixed compatibility issue with WordPress 3.4

2.2.4

  • Fixed empty category name issue
  • Added new option to delete all category
  • Fixed delete category issue

2.2.3

  • Fixed category page security issue

2.2.2

  • setHtaccess function error fixed
  • optimized front-end css
  • additional button template added

2.2.1

  • adjusted issue with template selection in tinymce popup
  • hyperlink issue with description fixed
  • adjusted css styling issue

2.2.0

  • New templates for file links
  • WP Thickbox popup for download page
  • Upgraded tiny-mce button

2.1.3

  • update short-code from {filelink=fileid} to [file id=fileid]. also support for old styles short-code exists.

2.1.2

  • fixed download issues with 2.1.1
  • activated direct download without appearing popup for the files without password, so popup will appear only for files with password

2.1.1

  • added new short-code [wpdm_hotlink id=file_id_required link_label=any_text_optional], use the short-code to place direct download link to files without showing popup

2.1.0

  • adjusted category hierarchy issue on parent selection
  • download monitor importer adjusted

2.0.19

  • members download issue fixed with widget

2.0.18

  • members download issue fixed with category embed code

2.0.17

  • server file browser issue fixed

2.0.16

  • memory limit error fixed
  • tinymce issue adjusted
  • download url issue adjusted
  • file not found issue adjusted

2.0.15

  • pagination class conflict issue resolved
  • adjusted a minor database bug

2.0.14

  • Added option for “Import Download Monitor files”. You can use this option if you already using “Download Monitor” from earlier and want use “Download Manager” now. It’ll import all files and categories from “Download Monitor” to “Download Manager”

2.0.13

  • access option restored

2.0.12

  • frontend download counter issue adjusted

2.0.11

  • download counter and download label issue fixed

2.0.10

  • fixed bug with server browser
  • fixed bug with db table creation

2.0.9

  • added category feature
  • new popup style added
  • advanced server file browser added

2.0.7

  • fixed bug with installation
  • fixed bug with icon

2.0.6

  • new widget added for showing new downloads
  • adjusted file delete issue

2.0.5

  • new option for tiny-mce button added
  • “Install” function conflict resolved

2.0.4

  • some plugins conflict adjusted
  • new option added for setting custom message
  • new option added for uploading upload link icon

2.0.3

  • Add/Edit Download count option added

2.0.2

  • database class conflict fixed

2.0.1

  • New Option added for download link label

1.5.9

  • Hotlink protection added

1.5.33

  • Add new option for controlling plugin access. Now you can set access level for the plugin

1.5.32

  • Minor bug fixed with creating db table

1.5.3

  • Download counter show/hide feature added for frontend download counter display

1.5.2

  • Added admin option to see download counts
  • 3 Minor bugs fixed

1.5.1

  • Adjusted minor issues with download counter

1.5

  • New feature: Download counter
  • 2 minor bug fixed

1.4

  • Fixed conflict with some other plugins

1.3

  • Fixed issue with pagination

1.2.5

  • Added new option for automatic dir creation

1.2.4

  • Fixed bug with upload path
  • File exists check added
  • Moved upload dir to new location for security reason

1.2.3

1.2.2

  • Fixed bug with edit item

1.2.1

  • Fixed bug with download link

1.2

  • Fixed installation bug

1.1

  • Fixed security bug with direct download protection

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907