BID:53176

WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability

Info

WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability

Bugtraq ID:	53176
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2012 12:00AM
Updated:	Apr 20 2012 12:00AM
Credit:	Reported by the vendor
Vulnerable:	WordPress Download Manager 2.2.2

Not Vulnerable:	WordPress Download Manager 2.2.3

Discussion

WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability

Download Manager plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Download Manager versions prior to 2.2.3 are vulnerable.

Exploit / POC

WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Solution / Fix

WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

WordPress Download Manager Plugin 'cid' Parameter Cross Site Scripting Vulnerability

References:

Download Manager Homepage (Wordpress)
WordPress Homepage (WordPress)