Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-7319

Publish Date: 08 Dec 2013

                							

                # Exploit Title: Wordpress Plugin: Wordpress Download Manager Free &amp; Pro
Persistent Cross Site Scripting 

# Google Dork:

# Date: 12-06-2013

# Exploit Author: IT Nerdbox

# Vendor Homepage: http://www.wpdownloadmanager.com # Software Link:
http://downloads.wordpress.org/plugin/download-manager.zip

# Version: v3.3.8

# Tested on: Wordpress 3.7.1 on Linux CentOS # CVE : N/A

 

 

 

When creating a new download package you need to enter a title, description
and the file(s) that you want to be available for download. The title input
field is not sanitized and therefor vulnerable to persistent cross site
scripting. The payload used is &lt;input onmouseover=prompt(document.cookie)&gt;

 

 

More information, including screenshots, can be found at:

http://www.nerdbox.it/wordpress-download-manager-xss/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

WordPress Plugin Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting

Vulmon Search

About

Products

Connect