WordPress Plugin Vulnerabilities

Download Monitor < 4.4.7 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting issues

Affects Plugins

Plugin icon
download-monitor
Fixed in 4.4.7

References

CVE
CVE-2021-36920

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Nguy Minh Tuan
Verified
No
WPVDB ID
5b01f184-5bbd-4c8a-b5f6-54d34f46dd1a

Timeline

Publicly Published
2022-01-14 (about 4 years ago)
Added
2022-01-14 (about 4 years ago)
Last Updated
2022-04-12 (about 4 years ago)

Other

Published
Title
Published
2021-09-09
Title
WordPress Simple Shop <= 1.2 - Reflected Cross-Site Scripting
Published
2021-09-20
Title
WordPress to Hootsuite (< 1.3.9) & Buffer (< 3.7.5) - Reflected Cross-Site Scripting
Published
2026-02-17
Title
InteractiveCalculator for WordPress < 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
Published
2026-01-16
Title
Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute
Published
2022-03-10
Title
UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting