CVE-2025-4367
Published 2025-06-19
CVE-2025-4367: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to…
Priority: P423 · Severity: medium · Score: 5.4 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.21% (10.7th percentile)
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codename065 | download_manager | <= 3.3.18 | — |
| github.com | gogs_gogs | >= 0 < 0.13.3-0.20250608224432-110117b2e5e5 | 0.13.3-0.20250608224432-110117b2e5e5 |
| gogs.io | gogs | >= 0 < 0.13.3-0.20250608224432-110117b2e5e5 | 0.13.3-0.20250608224432-110117b2e5e5 |
| w3eden | download_manager | < 3.3.19 | 3.3.19 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| ghsa | — | 8.8 | HIGH | — |
GHSA · 2025-06-26 · CVSS 8.8
CVE-2025-47943 [HIGH] CWE-79: Gogs XSS allowed by stored call in PDF renderer
### Summary
A stored XSS is present in Gogs which allows client-side JavaScript code execution.
### Details
Gogs Version:
```
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB
```
Application version: `0.14.0+dev`
Local setup using:
```bash
# Pull image from Docker Hub.
docker pull gogs/gogs
# Create local directory for volume.
sudo mkdir -p /var/gogs
# Use `docker run` for the first time.
docker run --name=gogs -p 10022:22 -p 10880:3000 -v /var/gogs:/data gogs/gogs
```
The vulnerability is caused by the usage of a vulnerable and outdated component: `pdfjs-1.4.20` under public/plugins/.
Read more about this vulnerability at [codeanlabs - CVE-2024-4367](https://codeanlabs.com/blog/res
GHSA (unreviewed) · 2025-06-19
CVE-2025-4367 [MEDIUM] CWE-80 GHSA-xq7h-2px5-q4qg: The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions
Suricata · 2025-05-22 · CVSS 8.8
CVE-2024-4367 [HIGH] ET EXPLOIT Firefox ESR PDF.js Arbitrary Javascript Execution (CVE-2024-4367)
Rule:
```
alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT Firefox ESR PDF.js Arbitrary Javascript Execution (CVE-2024-4367)"; flow:established,to_client; file.data; content:"|25|PDF|2d|"; startswith; content:"|2f|FontMatrix|20 5d|"; fast_pattern; pcre:"/^[^7d]*?\x3b/R"; reference:url,www.exploit-db.com/exploits/52273; reference:cve,2024-4367; classtype:misc-attack; sid:2062514; rev:1; metadata:affected_product Firefox, attack_target Client_Endpoint, created_at 2025_05_22, cve CVE_2024_4367, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_05_22; target:dest_ip;)
```
No writeups or analysis indexed.
References:
- https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/dashboard/profile.php#L79
- https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/wpdm-functions.php#L200
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3313608%40download-manager&old=3308801%40download-manager&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve