Lucene search
WPScanCVELIST:CVE-2021-24969HistoryDec 27, 2021 - 10:33 a.m.
CVE-2021-24969 Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
2021-12-2710:33:21
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
47.0%
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks
CNA Affected
[
{
"product": "WordPress Download Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.22",
"status": "affected",
"version": "3.2.22",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
openvas
openvas
WordPress Download Manager Plugin < 3.2.22 XSS Vulnerability
2022-03-01 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2021-24969
2021-12-27 11:15:09
wpvulndb
wpvulndb
Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
2021-11-29 00:00:00
wpexploit
wpexploit
Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
2021-11-29 00:00:00
cve
cve
CVE-2021-24969
2021-12-27 11:15:09
prion
prion
Cross site scripting
2021-12-27 11:15:00