Lucene search
K

6 matches found

Nuclei
Nuclei
added 13 hours ago33 views

WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting

The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...

6.1CVSS6.4AI score0.0106EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 p.m.11 views

CVE-2022-2168

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS6.6AI score0.0106EPSS
Exploits2References1
Circl
Circl
added 2022/07/17 2:27 p.m.16 views

CVE-2022-2168

creationtimestamp| type| source ---|---|--- 2022-07-17 14:27:41+00:00| seen| https://t.me/cibsecurity/46384 2025-04-06 08:48:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-2168.yaml...

6.1CVSS6AI score0.0106EPSS
Exploits2References2
NVD
NVD
added 2022/07/17 11:15 a.m.18 views

CVE-2022-2168

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS0.0106EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/07/17 10:36 a.m.20 views

CVE-2022-2168 Download Manager < 3.2.44 - Reflected Cross-Site Scripting

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...

6.2AI score0.0106EPSS
Exploits2References1
CVE
CVE
added 2022/07/17 10:36 a.m.87 views

CVE-2022-2168

The CVE-2022-2168 issue affects the WordPress Download Manager plugin, specifically versions prior to 3.2.44. The vulnerability is a Cross-Site Scripting (XSS) flaw in the stats/history dashboard where a generated URL/user_ids value is not properly sanitized/escaped before output, allowing authen...

6.1CVSS6AI score0.0106EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder