CVE-2021-23174 — Cross-site Scripting in Download Monitor

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

CNA3.4

EPSS

0.4%

top 38.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpchill Download Monitor

Timeline

PublishedJan 28

Latest updateJan 29

Description

Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDwpchill/download_monitor< 4.4.7

▶CVEListV5wpchill/download_monitorn/a — 4.4.6

🔴Vulnerability Details

GHSA

GHSA-2523-v9j2-g44c: Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4↗2022-01-29

▶

CVEList

WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability↗2022-01-28

▶