Vulnerabilities > CVE-2022-1985 - Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2736071%40download-manager&new=2736071%40download-manager&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2736071%40download-manager&new=2736071%40download-manager&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/download-manager/#developers
- https://wordpress.org/plugins/download-manager/#developers
- https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/
- https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1985
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1985