WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Download Manager <= 2.9.51 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The WordPress Download Manager WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

download-manager
Fixed in version 2.9.52

References

CVE
CVE-2017-18032
URL
https://advisories.dxw.com/advisories/xss-download-manager/
URL
https://plugins.trac.wordpress.org/changeset/1674308/download-manager

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
7110da99-300b-4b6f-8f22-6ab65f377948

Timeline

Publicly Published

2017-06-16 (about 5 years ago)

Added

2017-06-19 (about 5 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin