In WordPress news, one particular plugin has a new cross-site scripting vulnerability. Wordfence reported that there is a major cross-site scripting vulnerability in the Download Manager plugin.
Download Manager is a plugin used to help manage and control file downloads, with a number of specific download controls that restrict unauthorized file access.
This plugin also provides a complete solution to sell digital products on WordPress sites, including checkout functionality to complete an order.
The main function of the plugin that was found to be vulnerable was the ability to use a shortcode that embedded files and other digital assets in a page or a post.
More specifically, this function was susceptible to reflected cross-site scripting.
The CVSS (or Common Vulnerability Scoring System) score, which is a score used to assess particular vulnerabilities and their impact, is around 6.1. While not inherently severe, it’s still cause for concern.
Wordfence reported that:
“Without proper sanitization and escaping in place on user-supplied inputs, JavaScript can be used to manipulate the page. Even an unsophisticated attacker could hijack the form and use it to trick a site administrator into unknowingly disclosing sensitive information, or to collect cookie values.
“More specialized attackers would use this capability to gain administrator access or add a backdoor and take over the site. If the attacker gains this access, they would have access to the same information the administrator would be able to access, including user details and customer information.”
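The missing sanitization and escaping that Wordfence describes, as an added example that is not Download Manager's code or part of the original article: a hypothetical shortcode-style renderer echoes a request parameter into the page, first unescaped and then escaped for its output context. The function names, the `search` parameter and the sample value are assumptions made for illustration.

```php
<?php
// Hypothetical renderer for an embedded file list. NOT the plugin's code.
// It echoes a request parameter back into the page, the pattern behind
// reflected cross-site scripting.

// Vulnerable form: the request value is concatenated into HTML as-is.
function render_embed_vulnerable(array $query): string {
    $search = $query['search'] ?? '';
    return '<form class="file-embed">'
         . '<input type="text" name="search" value="' . $search . '">'
         . '<p>Results for: ' . $search . '</p></form>';
}

// Hardened form: validate the type, then escape for the output context.
function render_embed_hardened(array $query): string {
    $search = $query['search'] ?? '';
    if (!is_string($search)) {
        // ?search[]=x arrives as an array; treat it as empty input.
        $search = '';
    }
    // ENT_QUOTES covers both attribute quoting styles; ENT_SUBSTITUTE
    // replaces invalid UTF-8 instead of returning an empty string.
    // Inside WordPress, esc_attr() and esc_html() play this role.
    $safe = htmlspecialchars(trim($search), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form class="file-embed">'
         . '<input type="text" name="search" value="' . $safe . '">'
         . '<p>Results for: ' . $safe . '</p></form>';
}

// True when request-supplied markup survived into the rendered HTML.
function contains_injected_markup(string $html): bool {
    return stripos($html, '<script') !== false;
}

// Constructed sample input, standing in for $_GET on a crafted link.
$sample = ['search' => '"><script>alert(1)</script>'];

foreach (['render_embed_vulnerable', 'render_embed_hardened'] as $render) {
    $html = $render($sample);
    printf("%s\n  injected markup present: %s\n  %s\n\n",
        $render,
        contains_injected_markup($html) ? 'yes' : 'no',
        $html);
}
```

The hardened renderer emits the same form, but the quote and angle brackets arrive as HTML entities, so the browser displays the value as text instead of parsing it as markup.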
Because of the severe nature of this vulnerability, we recommend that you do a full upgrade.
Be Sure to Upgrade Your Plugin!!
If you run WordPress and use this particular plugin, it’s recommended that you update it as quickly as possible to make sure your server is running all possible patched versions.
Otherwise, you could leave yourself open to certain nasty vulnerabilities.