The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/01144c50-54ca-44d9-9ce8-bf4f659114ee | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-12-27T10:33:21
Updated: 2021-12-27T10:33:21
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24969
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-27T11:15:09.140
Modified: 2022-01-06T17:35:33.473
Link: CVE-2021-24969
JSON object: View
Redhat Information
No data.
CWE