WordPress Download Manager 3.2.43 Cross Site Scripting

2022.06.22

Credit: Andrea Bocchetti

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2022-2101

CWE: CWE-79

Exploit Title: Download Manager Cross-Site Scripting
Date: 2022-06-16
Exploit Author : Andrea Bocchetti
Vendor Homepage : https://wordpress.org/plugins/download-manager/
Version : <= 3.2.43
Tested on: windows
CVE : CVE-2022-2101
######## Description ########
# 1-) Login in the plugin page
# 2-) add the xss payload in the field "Insert URL"
# 3-) Click on the link , the JS code will be interpreted.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Download Manager 3.2.43 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.