The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
1. “Enable modal login form” option in the “Downloads > Settings > Frontend Access > Front-end Settings” section. 2. Exploit shortcode: [wpdm_modal_login_form class=‘" onmouseover="alert(1)’]
CPE | Name | Operator | Version |
---|---|---|---|
download-manager | lt | 3.2.62 |