Download Monitor < 4.4.7 - Admin+ Stored Cross-Site Scripting

2021-10-2900:00:00

wpscan.com

0.001 Low

EPSS

Percentile

22.9%

JSON

The plugin does not sanitise and escape the post_id and downloadable_file_version parameters, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks

CPENameOperatorVersion
download-monitorlt4.4.7

CPE	Name	Operator	Version
	download-monitor	lt	4.4.7

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for WPVDB-ID:EDE6D5AF-B641-478C-8E74-B0C02BA26A97