2 matches found
CVE-2022-2101
CVE-2022-2101 affects the WordPress Download Manager plugin (versions up to 3.2.46). It enables Stored Cross-Site Scripting via the file[files][] parameter due to insufficient input sanitization and output escaping. Authenticated attackers with contributor+ permissions can inject scripts on the f...
WordPress Download Manager 3.2.43 Cross Site Scripting
Exploit Title: Download Manager Cross-Site Scripting Date: 2022-06-16 Exploit Author : Andrea Bocchetti Vendor Homepage : https://wordpress.org/plugins/download-manager/ Version : = 3.2.43 Tested on: windows CVE : CVE-2022-2101 Description 1- Login in the plugin page 2- add the xss payload in the...