CVE-2021-36920 — Cross-site Scripting in Download Monitor

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA4.8

EPSS

0.2%

top 55.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpchill Download Monitor

Timeline

PublishedJan 14

Latest updateJan 15

Description

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5wpchill/download_monitor4.4.6

▶NVDwpchill/download_monitor4.4.6

🔴Vulnerability Details

GHSA

GHSA-6vjf-f548-f65r: Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4↗2022-01-15

▶

CVEList

WordPress plugin Download Monitor <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability↗2022-01-14

▶