Lucene search
PatchstackCVELIST:CVE-2021-23174HistoryOct 29, 2021 - 12:00 a.m.
CVE-2021-23174 WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
2021-10-2900:00:00
CWE-79
Patchstack
www.cve.org
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "download-monitor",
"product": "Download Monitor",
"vendor": "WPChill",
"versions": [
{
"changes": [
{
"at": "4.4.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Download Monitor < 4.4.7 - Admin+ Stored Cross-Site Scripting
2021-10-29 00:00:00
cve
cve
CVE-2021-23174
2022-01-28 20:15:10
patchstack
patchstack
prion
prion
Cross site scripting
2022-01-28 20:15:00
checkpoint_advisories
checkpoint_advisories
WordPress Download Monitor Plugin Cross-Site Scripting (CVE-2021-23174)
2022-03-22 00:00:00
cnvd
cnvd
WordPress Download Monitor plugin cross-site scripting vulnerability
2022-03-18 00:00:00
nvd
nvd
CVE-2021-23174
2022-01-28 20:15:10
openvas
openvas
WordPress Download Monitor Plugin < 4.4.7 Multiple Vulnerabilities
2022-02-08 00:00:00
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%
Related for CVELIST:CVE-2021-23174