1 May 2025

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Download Manager

The developer of the WordPress plugin Download Manager has still not secured the plugin against authenticated persistent cross-site scripting (XSS) through its shortcodes. We looked at that in the past. They neither worked with us to get the problem fully resolved nor resolved it on their own. Since then, a changelog entry for version 3.2.98 suggested another attempt, “Fixed a shortcode parameter sanitization issue with the all downloads shortcode ( reported by Jack Taylor from Wordfence )”. A changelog entry for version 3.3.00 then suggested yet another attempt, “Fixed a parameter sanitization issue with short-code [wpdm_login_form].” In looking over the code, we confirmed that at least one more issue remains. We would recommend not using the plugin unless the developer shows they are committed to finally fully securing it.
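The class of bug described above, a shortcode parameter reaching the rendered page without sanitization, as an added illustration that is not code from the Download Manager plugin: a hypothetical `demo_login_form` shortcode, first with its attributes written out raw, then with each value validated and escaped for the HTML context it lands in. The function and shortcode names are assumptions; the WordPress helpers (`shortcode_atts`, `esc_url`, `wp_validate_redirect`, `esc_html`, `esc_attr`) are real core functions.

```php
<?php
// Added illustration, not the plugin's own code. Hypothetical shortcode
// [demo_login_form redirect="..." title="..."]. Any account allowed to put
// shortcodes into post content (e.g. a Contributor) controls these attribute
// values, and the post is stored, so an unescaped attribute is a persistent XSS.

// Unsafe pattern: attribute values are concatenated into HTML unchanged.
function demo_login_form_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'redirect' => '', 'title' => 'Log in' ), $atts, 'demo_login_form' );
    return '<h3>' . $atts['title'] . '</h3>'
         . '<input type="hidden" name="redirect_to" value="' . $atts['redirect'] . '">';
}

// Hardened pattern: validate each value for the type it is supposed to be,
// then escape it for the exact context it is written into.
function demo_login_form_safe( $atts ) {
    $atts = shortcode_atts( array( 'redirect' => '', 'title' => 'Log in' ), $atts, 'demo_login_form' );

    // A redirect target must be a URL: esc_url() strips unsafe schemes such as
    // javascript:, and wp_validate_redirect() refuses off-site targets, falling
    // back to the site's home page.
    $redirect = esc_url( $atts['redirect'] );
    $redirect = wp_validate_redirect( $redirect, home_url( '/' ) );

    // Text inside an element body goes through esc_html(); a value inside an
    // attribute goes through esc_attr(). Using the wrong one for the context is
    // itself a common cause of "fixed" sanitization issues reappearing.
    $html  = '<h3>' . esc_html( $atts['title'] ) . '</h3>';
    $html .= '<input type="hidden" name="redirect_to" value="' . esc_attr( $redirect ) . '">';
    return $html;
}

add_shortcode( 'demo_login_form', 'demo_login_form_safe' );
```

When reviewing a shortcode fix, the check is that every attribute read from `$atts` passes through a context-appropriate escaping call on every output path, not only the one named in the changelog.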

...


This post provides insights into a vulnerability in a WordPress plugin that was not discovered by us, and for which the discoverer had not provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.

If you were using our service, you would have already been warned about this vulnerability if your website is vulnerable due to it. You can try out our service for free and then see the rest of the details of the vulnerability.

For existing customers, please log in to your account to view the contents of the post.


Plugin Security Scorecard Grade for Download Manager: B+ (checked on July 31, 2024)

