Unauthenticated Stored XSS in Download Plugins Dashboard for WordPress
CVE-2019-17239
6.1MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 7 October 2019
What is CVE-2019-17239?
The Download Plugins Dashboard plugin for WordPress versions up to 1.5.0 exhibits multiple unauthenticated stored cross-site scripting (XSS) vulnerabilities. These flaws allow attackers to inject malicious scripts into the application, which can be executed in the context of other users, potentially leading to unauthorized actions and data theft. Proper sanitization and validation are recommended to mitigate these risks.