CVE-2019-15889 Scanner
CVE-2019-15889 scanner - Cross-Site Scripting (XSS) vulnerability in Download Manager plugin for WordPress
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
URL
Toolbox
-
The Download Manager plugin is a popular WordPress utility that enables website operators to manage files and downloads on their platform. This plugin enables website operators to upload and manage files, track downloads, and restrict access to downloads. The plugin makes it easy for website visitors to navigate the website and download content like eBooks, software, music, and other files.
The CVE-2019-15889 vulnerability was reported in the plugin before version 2.9.94. The vulnerability was linked to the category shortcode feature, which makes it possible for malicious actors to access the website's files. This vulnerability potentially exposes users to cross-site scripting (XSS) attacks, which can lead to unauthorized disclosure of confidential information.
If exploited, this vulnerability can lead to numerous risks, such as data breaches, loss of sensitive information, phishing scams, malware infections, and website takeover. Hackers can use this vulnerability to access sensitive information like passwords and other personal data. This is why it is crucial to take swift action to address the vulnerability.
In summary, the Download Manager plugin for WordPress has improved how website operators manage files and downloads on their websites. However, the CVE-2019-15889 vulnerability exposes website operators and users to XSS attacks and other cybersecurity risks. As such, it is essential to take precautions to protect your website by staying up-to-date with the latest plugin and software versions, and operating behind a WAF. At S4E, we offer pro features to help you quickly learn about vulnerabilities on your digital assets, allowing you to take quick and effective actions to protect your website and users.
REFERENCES
- http://packetstormsecurity.com/files/154356/WordPress-Download-Manager-2.9.93-Cross-Site-Scripting.html
- https://packetstormsecurity.com/files/152511/WordPress-Download-Manager-2.9.92-Cross-Site-Scripting.html
- https://packetstormsecurity.com/files/152552/WordPress-Download-Manager-2.9.93-Cross-Site-Scripting.html
- https://plugins.trac.wordpress.org/changeset/2070388/download-manager
- https://wordpress.org/plugins/download-manager/#developers
- https://wpvulndb.com/vulnerabilities/9257
- https://www.cybersecurity-help.cz/vdb/SB2019041819
