W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.

All Wordfence Premium, Wordfence Care, and Wordfence Response customers, as well as those still using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting protection.

We contacted W3 Eden on April 25, 2023, and promptly received a response. After providing full disclosure details, the developer released a patch on May 1, 2023. We would like to commend the W3 Eden development team for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Download Manager, version 3.2.71 at the time of this writing, as soon as possible.

Vulnerability Summary from Wordfence Intelligence

There are two other shortcodes, a login form shortcode ( ) and a registration form shortcode ( ), that add forms to a WordPress site. However, the insecure implementation of these two shortcode functions, similar to the previous example, also allows arbitrary web scripts to be inserted into these pages. Examining the code reveals that the functions of both forms do not adequately sanitize the user-supplied ‘logo’ input, and in the view files these ‘logo’ outputs are not adequately escaped.

class Register

```php
if (!isset($params) || !is_array($params)) $params = array();
```

The login-form.php view file
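The flaw described in the analysis above, a user-supplied 'logo' shortcode attribute that is neither sanitized on input nor escaped in the view, is shown here next to a hardened form. This is an added example, not Download Manager's code or the patch W3 Eden shipped: the `demo_*` function names are hypothetical, the sample inputs are constructed, and plain PHP functions stand in for the WordPress helpers named in the comments so the script runs on its own.

```php
<?php
// Added illustration. All demo_* names are hypothetical, not the plugin's own.

// Vulnerable pattern: the 'logo' attribute reaches the markup unchanged.
function demo_login_form_vulnerable($params) {
    if (!isset($params) || !is_array($params)) $params = array();
    $logo = isset($params['logo']) ? $params['logo'] : '';
    return '<img class="form-logo" src="' . $logo . '" />';
}

// Input side: accept only well-formed http(s) URLs.
// Inside WordPress, esc_url_raw() is the usual helper for this step.
function demo_sanitize_logo($value) {
    $value  = trim((string) $value);
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    if (!in_array($scheme, array('http', 'https'), true)) return '';
    return filter_var($value, FILTER_VALIDATE_URL) ? $value : '';
}

// Hardened pattern: sanitize when the attribute is read, escape again
// where it is printed, so neither layer depends on the other.
function demo_login_form_hardened($params) {
    if (!isset($params) || !is_array($params)) $params = array();
    $logo = demo_sanitize_logo(isset($params['logo']) ? $params['logo'] : '');
    if ($logo === '') return ''; // no usable logo: render nothing
    // Output side: inside WordPress, esc_url() belongs in the view file here.
    $safe = htmlspecialchars($logo, ENT_QUOTES, 'UTF-8');
    return '<img class="form-logo" src="' . $safe . '" />';
}

// Constructed sample attribute values: one legitimate, two hostile.
$samples = array(
    'https://example.com/logo.png',
    'x" onerror="alert(1)',
    'javascript:alert(1)',
);

foreach ($samples as $s) {
    echo "input:      $s\n";
    echo "vulnerable: " . demo_login_form_vulnerable(array('logo' => $s)) . "\n";
    echo "hardened:   " . demo_login_form_hardened(array('logo' => $s)) . "\n\n";
}
```

In the vulnerable output the second sample closes the `src` attribute and adds an event handler of its own; the hardened function renders nothing for either hostile value.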