5 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. Se ha detectado múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenadas y Autenticadas en el plugin WP-DownloadManager de WordPress (versiones anteriores a 1.68.6 incluyéndola). Parámetros vulnerables &amp;download_path, &amp;download_path_url, &amp;download_page_url • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities https://wordpress.org/plugins/wp-downloadmanager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado detectado en el plugin WP-DownloadManager de WordPress (versiones anteriores a 1.68.6 incluyéndola). Parámetros vulnerables &amp;download_path, &amp;download_path_url, &amp;download_page_url, &amp;download_categories • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-5-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities https://wordpress.org/plugins/wp-downloadmanager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. Se ha detectado una vulnerabilidad de tipo Cross-Site Scripting (XSS)Reflejado y Autenticado en el plugin WP-DownloadManager de WordPress (versiones anteriores a 1.68.6 incluyéndola) Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). • https://patchstack.com/database/vulnerability/wp-downloadmanager/wordpress-wp-downloadmanager-plugin-1-68-6-authenticated-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services Una vulnerabilidad de tipo Server-side request forgery en el plugin WP-DownloadManager versión 1.68.4 para WordPress, permite a un atacante enviar peticiones diseñadas desde el servidor back-end de una aplicación web vulnerable por medio del parámetro file_remote del archivo download-add.php. Puede ayudar a identificar puertos abiertos, hosts de la red local y ejecutar comandos en los servicios • https://github.com/secwx/research/blob/main/cve/CVE-2020-24141.md • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el complemento WP-DownloadManager antes de v1.61 para Wordress, permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones que insertan secuencias XSS. • http://secunia.com/advisories/52863 http://wordpress.org/extend/plugins/wp-downloadmanager/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •