Lucene search
PRIOn knowledge basePRION:CVE-2022-4476HistoryJan 16, 2023 - 4:15 p.m.
Cross site scripting
2023-01-1616:15:00
PRIOn knowledge base
www.prio-n.com
4
cross site scripting
download manager plugin
stored xss
0.001 Low
EPSS
Percentile
46.4%
The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress_download_manager | lt | 3.2.62 |
Related
nvd
nvd
CVE-2022-4476
2023-01-16 16:15:12
wpexploit
wpexploit
Download Manager < 3.2.62 - Contributor+ Stored XSS
2022-12-20 00:00:00
openvas
openvas
WordPress Download Manager Plugin < 3.2.62 XSS Vulnerability
2023-01-17 00:00:00
cvelist
cvelist
CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS
2023-01-16 15:38:02
cve
cve
CVE-2022-4476
2023-01-16 16:15:12
wpvulndb
wpvulndb
Download Manager < 3.2.62 - Contributor+ Stored XSS
2022-12-20 00:00:00