CVE-2022-25605 – WordPress WP-DownloadManager plugin <= 1.68.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-25605
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url. • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities • https://wordpress.org/plugins/wp-downloadmanager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-25606 – WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-25606
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url, &download_categories. • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-5-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities • https://wordpress.org/plugins/wp-downloadmanager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44760 – WordPress WP-DownloadManager plugin <= 1.68.6 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-44760
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in the WP-DownloadManager WordPress plugin (versions <= 1.68.6). • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-6-authenticated-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24141 – WP-DownloadManager <= 1.68.4 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute commands on services. • https://github.com/secwx/research/blob/main/cve/CVE-2020-24141.md • CWE-918: Server-Side Request Forgery (SSRF)