logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Download Manager <= 2.9.51 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The WordPress Download Manager WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

download-manager

Fixed in version 2.9.52

References

CVE

CVE-2017-18032

URL

https://advisories.dxw.com/advisories/xss-download-manager/

URL

https://plugins.trac.wordpress.org/changeset/1674308/download-manager

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

7110da99-300b-4b6f-8f22-6ab65f377948

Timeline

Publicly Published

2017-06-16 (about 4 years ago)

Added

2017-06-19 (about 4 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin