Ad End 1 May 2026
Ad End 4 April 2026
ad End 17 June 2026
ad End 25 April 2026
banner Expire 25 April 2025
adv exp at 20 April 2026
banner Expire 25 April 2025
banner Expire 23 June 2026
banner Expire 3 July 2026
Ads end 31 October 2026
Menu
What's new
By:
Filters
Luki Crown
Ads end 31 October 2026
ad End 5 May 2026
Wizard's shop 2.0
banner Expire 10 May 2026
best shop

WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

File_closed07

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
8,065
Reaction score
1,033
Points
212
Awards
2
  • trusted user
  • Rich User
WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS


Code:
# WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

# Vendor Homepage: http://www.wpdownloadmanager.com
# Software Link: https://wordpress.org/plugins/download-manager
# Affected Versions: Free 2.7.94 & Pro 4
# Tested on: WordPress 4.2.2

# Discovered by Filippos Mastrogiannis
# Twitter: @filipposmastro
# LinkedIn: https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177

-- Description --

This stored XSS vulnerability allows any authenticated wordpress user
to inject malicious code via the name of the uploaded file:
e.g. <svg onload=3D3Dalert(0)>.jpg

The vulnerability exists because the file name is not properly sanitized
and this can lead to malicious code injection that will be executed on the
target=3DE2=3D80=3D99s browser

-- Proof of Concept --

1. The attacker creates a new download package via the plugin's menu
and uploads a file with the name: <svg onload=3D3Dalert(0)>.jpg

2. The stored XSS can be triggered when an authenticated user (e.g. admin)
attempts to edit this download package

-- Solution --

Upgrade to the latest version
 
You must log in or register to reply here.
Ad End 1 November 2024
Top