wpvulndb | Apple502j | WPVDB-ID:EF9AE513-6C29-45C2-B5AE-4A06A217C499
Oct 05, 2021 - 12:00 a.m.

Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting

2021-10-05 00:00:00
apple502j
wpscan.com

EPSS: 0.001 (Low), percentile 41.3%

The plugin does not escape (1) the sdm_active_tab GET parameter and (2) the sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.

PoC

PoC 1: This requires Firefox due to the onclick+accesskey trick on a hidden input. There is another injection point, but magic quotes are doing their job (it's inside badly-enqueued inline JS).

1) Go to https://example.com/wp-admin/edit.php?post_type=sdm_downloads&page=sdm-stats&sdm_active_tab=browserList"+accesskey%3DA+onclick%3Dalert(origin)%2F%2F
2) Press Alt-Shift-A (Windows) or Cmd-Alt-A (macOS)

PoC 2: This does not have a browser requirement.
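The missing attribute escaping described above, shown next to a hardened form, as an added example (not the plugin's code or its actual patch). It is plain PHP so it runs on its own; the function names, default tab, tab allowlist and YYYY-MM-DD date format are assumptions, and inside WordPress `esc_attr()` would take the place of the `attr()` helper.

```php
<?php
// Added example, not the plugin's code. Function names, the tab allowlist
// (apart from "browserList", which appears in the PoC URL) and the
// YYYY-MM-DD date format are assumptions.

// Inside WordPress, esc_attr() does this job; plain PHP is used here so the
// file runs on its own.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable shape: request value concatenated straight into an attribute.
function render_tab_field_unsafe(array $get): string
{
    $tab = $get['sdm_active_tab'] ?? 'datechart';
    return '<input type="hidden" name="sdm_active_tab" value="' . $tab . '">';
}

// Hardened: allowlist the tab, then escape at output anyway.
function render_tab_field(array $get, array $allowed_tabs): string
{
    $tab = $get['sdm_active_tab'] ?? '';
    if (!is_string($tab) || !in_array($tab, $allowed_tabs, true)) {
        $tab = $allowed_tabs[0];
    }
    return '<input type="hidden" name="sdm_active_tab" value="' . attr($tab) . '">';
}

// Hardened: dates must parse exactly as YYYY-MM-DD, else use the default.
function render_date_field(array $post, string $name, string $default): string
{
    $raw = $post[$name] ?? '';
    $d = is_string($raw) ? DateTime::createFromFormat('!Y-m-d', $raw) : false;
    $date = ($d && $d->format('Y-m-d') === $raw) ? $raw : $default;
    return '<input type="text" name="' . attr($name) . '" value="' . attr($date) . '">';
}

// Constructed input mirroring the shape of PoC 1's parameter value.
$get  = ['sdm_active_tab' => 'browserList" accesskey=A onclick=alert(origin)//'];
$post = ['sdm_stats_start_date' => '2021-10-01', 'sdm_stats_end_date' => '"><x>'];
$tabs = ['datechart', 'browserList']; // hypothetical allowlist

// Print the unsafe rendering, then the hardened ones, for comparison.
echo render_tab_field_unsafe($get), "\n";
echo render_tab_field($get, $tabs), "\n";
echo render_date_field($post, 'sdm_stats_start_date', '2021-10-01'), "\n";
echo render_date_field($post, 'sdm_stats_end_date', '2021-10-31'), "\n";
```

Validation alone is not the fix: the escaping at the point of output is what keeps a value inside its attribute, and the allowlist and date check only narrow what reaches it.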

CPE
Name | Operator | Version
simple-download-monitor | lt | 3.9.5

