CVE-2017-18032

The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2018-01-16 09:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-18032

Mitre link : CVE-2017-18032

CVE.ORG link : CVE-2017-18032


JSON object : View

Products Affected

wpdownloadmanager

  • wordpress_download_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')