ThreatPress

WordPress Vulnerabilities Database

WordPress Download Manager Free & Pro Plugin 2.5.8 - Persistent Cross Site Scripting

Product
Download Manager Free & Pro
Description
The Download Manager Free & Pro plugin is prone to a persistent XSS vulnerability. The title input field is not sanitized and is therefore vulnerable to persistent cross-site scripting.
Solution
Upgrade the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-2013-7319
Versions
Affected In <= 2.5.8
Fixed In 2.5.9
Disclosure date
2013-12-08
Credits
Jeroen - IT Nerdbox