CVE-2022-2168

Summary

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting

Affected Software

VendorProductVersion RangeStatus
UnknownDownload Manager3.2.44 < 3.2.44affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References