Reflected XSS vulnerability found in the  WordPress Download Manager opens the gate for Hackers and they also do anything an admin can do.

WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. It holds Active installs:90,000+ and the latest version 2.9.52.

XSS attack

XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to execute the code provided by the attacker while loading the page.Read More about XSS.

Vulnerability Disclosure

This vulnerability was disclosed by Tom Adams, this plugin outputs $_GET[‘id’] inside HTML without escaping which means anyone able to convince an admin to follow a link can add arbitrary HTML to the page. For POC refer dxwSecurity.

Also Read How to Do Penetration testing with your WordPress website detailed Explanation

2017-03-30: Discovered
2017-05-26: Reported to contact () w3eden com
2017-06-09: First response from vendor saying it’s been fixed and an update will be coming soon
2017-06-09: Version 2.9.52 released “Fixed issue with input data formatting”
2017-06-16: Advisory published

Mitigation

Update to version 2.9.52 or later.

How to Update

You can update from Dashboard >> Updates >> Update Now OR through Plugins >> Installed plugins >> Update.

Also Read WordPress AffiliateWP Plugin Vulnerable for Cross-Site Scripting

LEAVE A REPLY

Please enter your comment!
Please enter your name here