CVE-2013-7319
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
| Software | From | Fixed in |
|---|---|---|
| w3eden / download_manager | - | 2.5.8.x |
| w3eden / download_manager | 2.5.0 | 2.5.0.x |
| w3eden / download_manager | 2.5.1 | 2.5.1.x |
| w3eden / download_manager | 2.5.2 | 2.5.2.x |
| w3eden / download_manager | 2.5.3 | 2.5.3.x |
| w3eden / download_manager | 2.5.4 | 2.5.4.x |
| w3eden / download_manager | 2.5.5 | 2.5.5.x |
| w3eden / download_manager | 2.5.6 | 2.5.6.x |
| w3eden / download_manager | 2.5.7 | 2.5.7.x |
- http://secunia.com/advisories/55969
- http://wordpress.org/plugins/download-manager/changelog
- http://www.exploit-db.com/exploits/30105
- http://www.nerdbox.it/wordpress-download-manager-xss
- http://www.securityfocus.com/bid/64159
- http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89524
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime