Page 5 of 23 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de Cross-Site Scripting (XSS) en versiones anteriores a la 2.9.50 de WordPress Download Manager permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. The WordPress Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting parameter in versions up to, and including, 2.9.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://jvn.jp/en/jp/JVN79738260/index.html https://plugins.trac.wordpress.org/changeset/1650075 https://wordpress.org/plugins/download-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 104EXPL: 1

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. Vulnerabilidad de salto de directorio en el plugin WordPress Download Manager para WordPress permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro fname en (1) views/file_download.php o (2) file_download.php. • http://packetstormsecurity.com/files/128852/WordPress-Download-Manager-Arbitrary-File-Download.html http://www.securityfocus.com/bid/70764 https://exchange.xforce.ibmcloud.com/vulnerabilities/98318 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 1%CPEs: 9EXPL: 2

Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field. Vulnerabilidad de XSS en el plugin Download Manager anterior a 2.5.9 para WordPress permite a atacantes remotos inyectar script Web o HTML arbitrario a través del campo "title". • https://www.exploit-db.com/exploits/30105 http://secunia.com/advisories/55969 http://wordpress.org/plugins/download-manager/changelog http://www.exploit-db.com/exploits/30105 http://www.nerdbox.it/wordpress-download-manager-xss http://www.securityfocus.com/bid/64159 http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact https://exchange.xforce.ibmcloud.com/vulnerabilities/89524 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •