Ad End 1 August 2025
Ad Ends 13 July 2025
ad End 25 October 2025
Ad Ends 20 April 2025
Ad expire at 5 August 2024
banner Expire 9 June 2025
banner Expire 25 October 2025
banner Expire 10 May 2025
Menu
What's new
By:
Filters
Wizard's shop 2.0
Money Club cc shop
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
Yale Lodge
Kfc CLub
adv exp at 30 July 2025
Carding.pw carding forum
BidenCash Shop

WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

File_closed07

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,903
Reaction score
942
Points
212
Awards
2
  • trusted user
  • Rich User
WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS


Code:
# WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

# Vendor Homepage: http://www.wpdownloadmanager.com
# Software Link: https://wordpress.org/plugins/download-manager
# Affected Versions: Free 2.7.94 & Pro 4
# Tested on: WordPress 4.2.2

# Discovered by Filippos Mastrogiannis
# Twitter: @filipposmastro
# LinkedIn: https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177

-- Description --

This stored XSS vulnerability allows any authenticated wordpress user
to inject malicious code via the name of the uploaded file:
e.g. <svg onload=3D3Dalert(0)>.jpg

The vulnerability exists because the file name is not properly sanitized
and this can lead to malicious code injection that will be executed on the
target=3DE2=3D80=3D99s browser

-- Proof of Concept --

1. The attacker creates a new download package via the plugin's menu
and uploads a file with the name: <svg onload=3D3Dalert(0)>.jpg

2. The stored XSS can be triggered when an authenticated user (e.g. admin)
attempts to edit this download package

-- Solution --

Upgrade to the latest version
 
You must log in or register to reply here.
Ad End 1 February 2024
Top