Lucene search
K

4 matches found

CVE
CVE
added 2023/06/09 5:33 a.m.41 views

CVE-2023-2305

CVE-2023-2305 affects the WordPress Download Manager plugin up to version 3.2.70, where stored XSS is possible via the wpdm_members, wpdm_login_form, and wpdm_reg_form shortcodes due to insufficient input sanitization and output escaping. Privileged attackers with contributor-level permissions ca...

6.4CVSS5.2AI score0.00646EPSS
Exploits2References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.10 views

CVE-2023-2305 Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdmmembers', 'wpdmloginform', 'wpdmregform' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.6AI score0.00646EPSS
Exploits2References6
Wordfence Blog
Wordfence Blog
added 2023/05/22 2:49 p.m.27 views

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the mos...

4.9CVSS6AI score0.00646EPSS
Exploits2
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.12 views

WordPress Download Manager Plugin <= 3.2.70 is vulnerable to Cross Site Scripting (XSS)

Software Download Manager Type Plugin Vulnerable versions = 3.2.70 Fixed in 3.2.71 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2305 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 119cb19208aa Credits Lana Codes...

6.4CVSS5.6AI score0.00646EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder