CVE-2021-24969 — Cross-site Scripting in Download Manager
Severity
5.4 MEDIUM (NVD)
GHSA: 6.1
EPSS
0.2%
top 56.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 27
Latest update: Jun 10
Description
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as the admin dashboard and the frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated user, such as a subscriber, is able to call it and perform Cross-Site Scripting attacks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7
Affected Packages (1 package)
Vulnerability Details
w3eden download_manager: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (2021)