CVE-2020-24145
Description
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.
Vulnerability Type
Cross Site Scripting (XSS)
Vendor of Product
CreativeMindsSolutions
Affected Product Code Base
WordPress Plugin: cm-download-manager - 2.7.0
CVE Impact Other
hijacked, credentials could be stolen, sensitive data could be exfiltrated
Reference
- https://wordpress.org/plugins/cm-download-manager/#developers
- https://github.com/secwx/research/blob/main/cve/CVE-2020-24145.md
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Suzhou Aurora Infinity Information Technology Co., Ltd.