WordPress Download Manager Plugin Vulnerable to Cross Site Scripting

Reflected XSS vulnerability found in the  WordPress Download Manager opens the gate for Hackers and they also do anything an admin can do.

WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. It holds Active installs:90,000+ and the latest version 2.9.52.

XSS attack

XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to execute the code provided by the attacker while loading the page.Read More about XSS.

Vulnerability Disclosure

This vulnerability was disclosed by Tom Adams, this plugin outputs $_GET[‘id’] inside HTML without escaping which means anyone able to convince an admin to follow a link can add arbitrary HTML to the page. For POC refer dxwSecurity.

Also Read How to Do Penetration testing with your WordPress website detailed Explanation

2017-03-30: Discovered
2017-05-26: Reported to contact () w3eden com
2017-06-09: First response from vendor saying it’s been fixed and an update will be coming soon
2017-06-09: Version 2.9.52 released “Fixed issue with input data formatting”
2017-06-16: Advisory published

Mitigation

Update to version 2.9.52 or later.

How to Update

You can update from Dashboard >> Updates >> Update Now OR through Plugins >> Installed plugins >> Update.

Also Read WordPress AffiliateWP Plugin Vulnerable for Cross-Site Scripting