Lucene search
WPScanCVELIST:CVE-2021-25069HistoryFeb 21, 2022 - 10:45 a.m.
CVE-2021-25069 WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
2022-02-2110:45:48
CWE-89
WPScan
www.cve.org
3
wordpress download manager
sql injection
xss
cve-2021-25069
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
CNA Affected
[
{
"product": "Download Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.34",
"status": "affected",
"version": "3.2.34",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
openvas
openvas
WordPress Download Manager Plugin < 3.2.34 SQLi Vulnerability
2022-03-01 00:00:00
prion
prion
Cross site scripting
2022-02-21 11:15:00
wpexploit
wpexploit
patchstack
patchstack
nvd
nvd
CVE-2021-25069
2022-02-21 11:15:08
cve
cve
CVE-2021-25069
2022-02-21 11:15:08
nessus
nessus
Download Manager Plugin for WordPress < 3.2.34 Multiple Vulnerabilities
2023-09-13 00:00:00