all InfoSec news
W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.
All Wordfence Premium, Wordfence Care, and Wordfence …
addresses april cross-site disclosure download intelligence making management manager plugin popular process responsible responsible disclosure scripting stored xss team threat threat intelligence vulnerability websites wordfence wordpress wordpress plugin xss