XSS Vulnerability in CM Downloads Manager Plugin for WordPress
CVE-2020-27344

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Cm Download Manager
Vendor: CVE Published:; 21 October 2020

Summary

The CM Download Manager Plugin for WordPress, prior to version 2.8.0, is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, which can lead to session hijacking, defacement, or redirection to malicious sites. Proper input validation mechanisms are lacking in older versions of the plugin, making it crucial for users to update to the latest version to mitigate this security risk. For more details, visit the WordPress CM Download Manager documentation.

References

https://wordpress.org/plugins/cm-download-manager/#develo...

x_refsource_MISC

https://gist.github.com/qwebee/da79c6a9fa982c3c40988a1e05...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Oct 20, 2020