CVE-2025-4367
BaseFortify
Publication date: 2025-06-19
Last updated on: 2025-07-09
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| w3eden | download_manager | up to 3.3.19 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress Download Manager plugin up to version 3.3.18. It occurs because the plugin does not properly sanitize and escape user-supplied attributes in the wpdm_user_dashboard shortcode. Authenticated users with author-level access or higher can inject malicious scripts into pages, which then execute whenever other users view those pages. The vulnerability specifically involves insufficient sanitization of attributes like the image alt attribute, allowing attackers to embed arbitrary web scripts. [1, 3]
How can this vulnerability impact me?
This vulnerability can allow an attacker with author-level access or higher to inject malicious scripts into the website's pages. These scripts can execute in the browsers of users who visit the affected pages, potentially leading to theft of user credentials, session hijacking, defacement, or other malicious actions. Since the attack is stored, the malicious code persists and affects multiple users. This can compromise the security and integrity of your WordPress site and its users. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your WordPress site is running the Download Manager plugin version 3.3.18 or earlier, which is vulnerable to stored cross-site scripting via the wpdm_user_dashboard shortcode. Detection involves checking the plugin version and inspecting pages that use this shortcode for injected scripts. Since the vulnerability requires authenticated users with author-level access or higher, monitoring user inputs and outputs related to the wpdm_user_dashboard shortcode is important. There are no specific commands provided in the resources, but you can check the plugin version via WordPress admin or by running a command like `wp plugin list` if WP-CLI is installed. Additionally, scanning for suspicious scripts in pages rendered by the shortcode or reviewing database entries for injected scripts may help detect exploitation. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Download Manager plugin to version 3.3.19 or later, which includes a fix that properly escapes the image alt attribute and other user-supplied inputs to prevent stored cross-site scripting attacks. If updating immediately is not possible, restrict author-level and higher user access to trusted users only, and consider disabling or limiting the use of the wpdm_user_dashboard shortcode until the patch is applied. Applying input sanitization and output escaping as demonstrated in the 3.3.19 update is essential to mitigate the risk. [1, 3]
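The escaping fix described above, shown as an added illustration rather than the plugin's own code: a shortcode-style attribute array rendered into an `<img>` tag once without escaping and once through `esc_attr()`. The function names `render_dashboard_image_unsafe`/`render_dashboard_image_safe` and the sample input are constructed for this example; the `esc_attr` stub only exists so the file runs outside WordPress.

```php
<?php
// Added illustrative example; not code from the Download Manager plugin.
// Demonstrates why a shortcode attribute placed in an HTML attribute (here
// the image alt) must be escaped for its context before output.

// Stand-in for WordPress core esc_attr() so this runs outside WordPress.
// Inside a plugin, call the real esc_attr() (and esc_url() for URLs) instead.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

// Weak pattern (the CWE-80 class of defect): the caller-supplied value is
// concatenated straight into HTML, so a double quote inside it terminates
// the alt attribute early and whatever follows is parsed as new markup.
function render_dashboard_image_unsafe( array $atts ) {
    $atts = array_merge( array( 'img' => '', 'alt' => 'Dashboard' ), $atts );
    return '<img src="' . $atts['img'] . '" alt="' . $atts['alt'] . '">';
}

// Hardened form: every attribute value is escaped for the attribute context
// at the point of output, so quotes and angle brackets become entities.
function render_dashboard_image_safe( array $atts ) {
    $atts = array_merge( array( 'img' => '', 'alt' => 'Dashboard' ), $atts );
    return '<img src="' . esc_attr( $atts['img'] ) . '" alt="' . esc_attr( $atts['alt'] ) . '">';
}

// Constructed sample input: an alt value carrying a quote and angle brackets,
// the characters CWE-80 says must be neutralized.
$sample = array( 'img' => 'avatar.png', 'alt' => 'Report "Q2" <draft>' );

$unsafe = render_dashboard_image_unsafe( $sample );
$safe   = render_dashboard_image_safe( $sample );

// The unsafe output has six double quotes (two of them from the alt value
// itself, which closes the attribute early); the safe output keeps the
// four structural quotes and encodes the rest as &quot; and &lt;/&gt;.
assert( substr_count( $unsafe, '"' ) === 6 );
assert( substr_count( $safe, '"' ) === 4 );
assert( strpos( $safe, '&quot;' ) !== false && strpos( $safe, '&lt;draft&gt;' ) !== false );

echo "unsafe: $unsafe", PHP_EOL;
echo "safe:   $safe", PHP_EOL;
```

Run with `php example.php`; the same pattern applies to any other attribute the shortcode accepts, and `esc_url()` rather than `esc_attr()` is the right choice for the `src` value in real plugin code.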