PT-2022-17400 · WordPress · Wp-Downloadmanager

Re-Alter +1 · Published 2022-03-25 · Updated 2022-03-30 · CVE-2022-25606

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP-DownloadManager WordPress plugin versions <= 1.68.6

Description

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered in the WP-DownloadManager WordPress plugin. The vulnerable parameters are download path, download path url, download page url, and download categories.

Recommendations

For WP-DownloadManager WordPress plugin versions <= 1.68.6, update to a version higher than 1.68.6 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters download path, download path url, download page url, and download categories to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-25606

Affected Products

Wp-Downloadmanager