How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Download Manager < 3.2.53 - Unauthenticated Reflected Cross-Site Scripting

Description

The plugin does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute of the modal login page (only available when users are not logged in), which could lead to Reflected Cross-Site Scripting in old web browsers.

Proof of Concept

On the modal login page from the plugin and using an old web browser (such as IE), append ?a"><script>alert(/XSS/)</script>

e.g: https://example.com/login/?a"><script>alert(/XSS/)</script>

Affects Plugins

download-manager

Fixed in version 3.2.53

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

394007c5-7923-46fe-bb4c-2377d66ff900

Timeline

Publicly Published

2022-08-04 (about 5 months ago)

Added

2022-08-04 (about 5 months ago)

Last Updated

2022-08-04 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin