Download Manager < 3.2.44 – Unauthenticated Reflected Cross-Site Scripting | Plugin Vulnerabilities

Description

The plugin does not escape a generated URL before outputting it back in an attribute of the login page made by the plugin, leading to Reflected Cross-Site Scripting, which is only exploitable against unauthenticated users

Proof of Concept

On the login page from the plugin (ie where the [wpdm_login_form] is embed), append ?a"><script>alert(/XSS/)</script>

e.g: against an unauthenticated user, https://example.com/wpdm-login/?a"><script>alert(/XSS/)</script>

Affects Plugins

download-manager

Fixed in 3.2.44

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

95deb79c-bf19-4ab5-aac6-702a13323356

Timeline

Publicly Published

2022-06-27 (about 3 years ago)

Added

2022-06-27 (about 3 years ago)

Last Updated

2022-06-27 (about 3 years ago)

Other

Published

Title

Published

2015-08-28

Title

Thumbnail Carousel Slider < 1.0.1 - Stored Cross-Site Scripting (XSS) & CSRF

Published

2022-08-29

Title

WPtouch < 4.3.44 - Reflected Cross-Site Scripting

Published

2023-04-25

Title

Tiempo.com <= 0.1.2 - Stored XSS via CSRF

Published

2025-02-14

Title

Magic the Gathering Card Tooltips < 3.6.0 - Unauthenticated Stored Cross-Site Scripting

Published

2023-12-27

Title

If-So Dynamic Content Personalization < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting