Lucene search
PRIOn knowledge basePRION:CVE-2021-24969HistoryDec 27, 2021 - 11:15 a.m.
Cross site scripting
2021-12-2711:15:00
PRIOn knowledge base
www.prio-n.com
4
0.001 Low
EPSS
Percentile
46.9%
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress_download_manager | lt | 3.2.22 |
Related
cnvd
cnvd
openvas
openvas
WordPress Download Manager Plugin < 3.2.22 XSS Vulnerability
2022-03-01 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
2021-11-29 00:00:00
nvd
nvd
CVE-2021-24969
2021-12-27 11:15:09
wpexploit
wpexploit
Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
2021-11-29 00:00:00
cvelist
cvelist
cve
cve
CVE-2021-24969
2021-12-27 11:15:09