WordPress Easy Media Download plugin <= 1.1.5 - Stored Cross-Site Scripting (XSS) vulnerability

2021-09-2200:00:00

apple502j

patchstack.com

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Easy Media Download plugin (versions <= 1.1.5).

Solution

           Update the WordPress Easy Media Download plugin to the latest available version (at least 1.1.7).

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24699

wordpress.org/plugins/easy-media-download/#developers

wpscan.com/vulnerability/4f5c3f75-0501-4a1a-95ea-cbfd3fc96852