CVE-2017-2216

Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Link Resource
https://jvn.jp/en/jp/JVN79738260/index.html Third Party Advisory
https://plugins.trac.wordpress.org/changeset/1650075/ Issue Tracking Patch Vendor Advisory
https://wordpress.org/plugins/download-manager/#developers Patch Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2017-07-07 13:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-2216

Mitre link : CVE-2017-2216

CVE.ORG link : CVE-2017-2216


JSON object : View

Products Affected

wpdownloadmanager

  • wordpress_download_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')