CVE-2023-6954: XSS
First published: Wed Mar 13 2024(Updated: )
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP Download Manager | <=3.2.85 | |
| WordPress Download Manager Pro | <=3.2.85 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14
- https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106
- https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php
- https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve
Frequently Asked Questions
What is the severity of CVE-2023-6954?
CVE-2023-6954 has a medium severity rating due to its potential for Stored Cross-Site Scripting attacks.
How do I fix CVE-2023-6954?
To fix CVE-2023-6954, update the Download Manager Pro plugin to version 3.2.86 or higher, which includes proper input sanitization.
Who is affected by CVE-2023-6954?
All users of Download Manager Pro plugin versions up to and including 3.2.85 are affected by CVE-2023-6954.
What type of vulnerability is CVE-2023-6954?
CVE-2023-6954 is a Stored Cross-Site Scripting (XSS) vulnerability.
Can CVE-2023-6954 be exploited remotely?
Yes, CVE-2023-6954 can be exploited remotely by authenticated attackers through the use of vulnerable shortcodes.
- agent/references
- agent/author
- agent/description
- agent/type
- agent/weakness
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- vendor/wpdownloadmanager
- canonical/wp download manager
- version/wp download manager/3.2.85
- vendor/wordpress
- canonical/wordpress download manager pro