CVE-2021-24969
Published: 2021-12-27
Priority: P278
Severity: medium (CVSS 3.1 base score 5.4)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.60% (percentile 44.2)
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as the admin dashboard and the frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated user, such as a subscriber, is able to call it and perform Cross-Site Scripting attacks.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| w3eden | download_manager | < 3.2.22 | 3.2.22 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| ghsa | | 6.1 | MEDIUM | |
| vulncheck | | 5.4 | MEDIUM | |
Source: GHSA (unreviewed), 2021-12-28
GHSA-3366-5rqh-74c5: CVE-2021-24969 [MEDIUM], CWE-79 (Cross-site Scripting). Description as above.
Source: VulnCheck, 2021, CVSS 5.4
CVE-2021-24969 [MEDIUM]: w3eden download_manager, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Description as above.
Affected: w3eden download_manager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.