CVE-2021-23174

Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*

History

16 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. (en) Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].

02 Feb 2022, 20:10

Type Values Removed Values Added
References (CONFIRM) https://github.com/WPChill/download-monitor/blob/master/changelog.txt - (CONFIRM) https://github.com/WPChill/download-monitor/blob/master/changelog.txt - Release Notes, Third Party Advisory
References (CONFIRM) https://wordpress.org/plugins/download-monitor/#developers - (CONFIRM) https://wordpress.org/plugins/download-monitor/#developers - Product, Third Party Advisory
References (CONFIRM) https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-persistent-cross-site-scripting-xss-vulnerability - (CONFIRM) https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-persistent-cross-site-scripting-xss-vulnerability - Third Party Advisory
CPE cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
CWE CWE-79

28 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2024-09-16 17:15


NVD link : CVE-2021-23174

Mitre link : CVE-2021-23174

CVE.ORG link : CVE-2021-23174


JSON object : View

Products Affected

wpchill

  • download_monitor
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')