Download Manager < 3.2.60 – Reflected XSS | CVE 2022-45836

Affects Plugins

download-manager

Fixed in 3.2.60

References

CVE

CVE-2022-45836

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

Yes

WPVDB ID

8d51a252-daef-40a9-9ffb-1b51f5c6f957

Timeline

Publicly Published

2022-11-27 (about 3 years ago)

Added

2023-04-18 (about 2 years ago)

Last Updated

2023-04-18 (about 2 years ago)

Other

Published

Title

Published

2011-03-17

Title

Sodahead Polls < 2.0.4 - XSS

Published

2026-01-06

Title

twinklesmtp – Email Service Provider For WordPress <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings

Published

2025-01-16

Title

Find Content IDs <= 1.0 - Reflected Cross-Site Scripting

Published

2023-03-29

Title

Simple Image Popup < 2.0.0 - Admin+ Stored XSS

Published

2025-08-28

Title

Events Addon for Elementor < 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets