5 matches found
CVE-2024-5266
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...
CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...
CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...
CVE-2024-5266
CVE-2024-5266 affects the WordPress Download Manager Pro plugin. Affected versions are all up to and including 3.2.92. The issue is Stored Cross-Site Scripting via multiple shortcodes (wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, wpdm_tag) caused by insufficient input san...
WordPress Download Manager Plugin <= 3.2.92 is vulnerable to Cross Site Scripting (XSS)
Software Download Manager Type Plugin Vulnerable versions = 3.2.92 Fixed in 3.2.94 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5266 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1fa72da13df Credits Jack Taylor Required...