CVE-2021-24969

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks

Source: CVE-2021-24969

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다