Database
arrow right WP-DownloadManager 3
arrow right #fc55ba6f3f51
API Monitor free
Report
arrow right To plugin page
Fixed

WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website arrow right
Software
WP-DownloadManager
Type
Plugin
Vulnerable versions
<= 1.68.5
Fixed in
1.68.6
PSID
fc55ba6f3f51
CVE ID
CVE-2022-25606
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Credits
Ex.Mi (Patchstack)
Publicly disclosed
2022-01-10

Details

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi (Patchstack) in WordPress WP-DownloadManager plugin (versions <= 1.68.5).

Solution

Update the WordPress WP-DownloadManager plugin to the latest available version (at least 1.68.6)

References

CVE-2022-25606 Plugin changelog

Other known vulnerabilities for WP-DownloadManager

DownloadManager plugin <= 1.68.6 Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities

<= 1.68.6

4.8

12.01.2022

DownloadManager plugin <= 1.68.6 Authenticated Reflected CrossSite Scripting (XSS) vulnerability

<= 1.68.6

4.8

08.12.2021

Submit vulnerabilities and become a verified Alliance member

Learn more

All solutions

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA

WordPress security

Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog

Patchstack

About us Careers Media kit Insights & articles

Social

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA
Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog
About us Careers Media kit Insights & articles
DPA Privacy Policy Terms & Conditions

All solutions

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA

WordPress Security

Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog

Patchstack

About us Careers Media kit Insights & articles

Social

© 2022 Patchstack

DPA Privacy Policy T&C

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close