Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
References
Configurations
History
16 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. |
02 Feb 2022, 20:10
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/WPChill/download-monitor/blob/master/changelog.txt - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://wordpress.org/plugins/download-monitor/#developers - Product, Third Party Advisory | |
References | (CONFIRM) https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-persistent-cross-site-scripting-xss-vulnerability - Third Party Advisory | |
CPE | cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
CWE | CWE-79 |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2024-09-16 17:15
NVD link : CVE-2021-23174
Mitre link : CVE-2021-23174
CVE.ORG link : CVE-2021-23174
JSON object : View
Products Affected
wpchill
- download_monitor
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')