CVE-2024-8444

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 43.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Download ManagerW3eden Download Manager
Timeline
PublishedOct 30

Description

The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of it's shortcode parameters, leading to cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/download_manager< 3.3.00

🔴Vulnerability Details

2
CVEList
Download Manager < 3.3.00 - Contributor+ Stored XSS2024-10-30
GHSA
GHSA-3hjx-m6qm-hh35: The Download Manager WordPress plugin before 32024-10-30