Reflected XSS in Ederson Peka Media Downloader Vulnerability
CVE-2025-24684

7.1HIGH

Key Information:

Vendor: WordPress
Status: Media Downloader
Vendor: CVE Published:; 3 February 2025

Summary

The Ederson Peka Media Downloader plugin for WordPress contains a vulnerability that allows for reflected cross-site scripting (XSS) attacks. By improperly neutralizing input during web page generation, an attacker can craft malicious URLs that exploit this vulnerability. This may lead to the execution of arbitrary scripts in the context of the user's browser, potentially compromising user data and site integrity. The versions affected by this vulnerability range from n/a up to and including 0.4.7.5.

Affected Version(s)

Media Downloader <= 0.4.7.5

References

https://patchstack.com/database/wordpress/plugin/media-do...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)