A reflected XSS vulnerability found in the WordPress Download Manager plugin lets an attacker who can get an administrator to follow a crafted link run script in that administrator's browser, and with it do anything the admin can do.
WordPress Download Manager is a files and documents management plugin used to manage, track and control file downloads from a WordPress site. It has more than 90,000 active installs, and the latest version at the time of writing is 2.9.52.
XSS attack
XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a page served by a trusted site, so the victim's browser executes the attacker's script with that site's cookies and privileges while loading the page. In the reflected form at issue here, the payload travels in a URL parameter and is echoed back by the server, so it fires only when the victim opens the attacker's link; that is why the attack targets a logged-in administrator.
Vulnerability Disclosure
This vulnerability was disclosed by Tom Adams of dxw. The plugin outputs $_GET['id'] inside HTML without escaping, which means anyone able to convince an admin to follow a crafted link can add arbitrary HTML, including script, to the page. For the proof of concept, refer to the dxw Security advisory.
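As an added illustration, and not the plugin's own code (the advisory does not reproduce it), the following minimal PHP shows the pattern the advisory describes, a request parameter echoed into an attribute unescaped, beside two hardened forms. esc_attr() and absint() are real WordPress helpers; stand-ins are defined so the snippet runs under plain php-cli. The render_* function names, the attribute the value lands in, and the assumption that id is meant to be numeric are hypothetical.

```php
<?php
// Added example, not the plugin's code. Stand-ins so this runs outside
// WordPress; inside WordPress the real esc_attr()/absint() are used.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}
if ( ! function_exists( 'absint' ) ) {
    function absint( $maybeint ) {
        return abs( (int) $maybeint );
    }
}

// Vulnerable pattern: whatever is in ?id= lands verbatim inside the markup.
function render_vulnerable( array $get ) {
    $id = isset( $get['id'] ) ? $get['id'] : '';
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Hardened, option 1: escape on output so the value cannot close the
// attribute or the tag. This is the minimal fix for a reflected XSS.
function render_escaped( array $get ) {
    $id = isset( $get['id'] ) ? $get['id'] : '';
    return '<input type="hidden" name="id" value="' . esc_attr( $id ) . '">';
}

// Hardened, option 2: if id is expected to be a numeric ID (assumption),
// validate it on input as a non-negative integer and still escape on
// output, so neither layer has to be perfect on its own.
function render_validated( array $get ) {
    $id = isset( $get['id'] ) ? absint( $get['id'] ) : 0;
    return '<input type="hidden" name="id" value="' . esc_attr( $id ) . '">';
}

// Constructed payload: closes the value attribute and the input tag, then
// injects a script element. The URL-encoded form is what would sit in the
// link sent to the administrator.
$payload  = '"><script>alert(document.cookie)</script><"';
$fake_get = array( 'id' => $payload );

echo "Link the admin would follow: ?id=" . rawurlencode( $payload ) . "\n\n";
echo "Vulnerable output:\n" . render_vulnerable( $fake_get ) . "\n\n";
echo "Escaped output:\n"    . render_escaped( $fake_get )    . "\n\n";
echo "Validated output:\n"  . render_validated( $fake_get )  . "\n";
```

Run it with php-cli: the vulnerable output contains a live `<script>` element, the escaped output turns every `"`, `<` and `>` into entities so the browser keeps the whole payload inside the attribute value, and the validated output reduces the payload to 0. Escaping at the point of output is the fix that matters; input validation is the extra layer for a parameter whose format is known.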
2017-03-30: Discovered
2017-05-26: Reported to contact () w3eden com
2017-06-09: First response from vendor saying it’s been fixed and an update will be coming soon
2017-06-09: Version 2.9.52 released, with the changelog entry "Fixed issue with input data formatting"
2017-06-16: Advisory published
Mitigation
Update to version 2.9.52 or later.
How to Update
You can update from Dashboard >> Updates >> Update Now, or through Plugins >> Installed Plugins >> Update. Afterwards, confirm under Plugins >> Installed Plugins that the version shown is 2.9.52 or later.