CVE-2025-4367: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in codename065 Download Manager
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-4367 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Download Manager plugin developed by codename065 for WordPress. This vulnerability exists in all versions up to and including 3.3.18. The root cause is insufficient input sanitization and output escaping on user-supplied attributes within the plugin's wpdm_user_dashboard shortcode. Specifically, authenticated users with author-level privileges or higher can inject arbitrary malicious scripts into pages rendered by the plugin. These scripts execute in the context of any user who views the affected page, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim user. The vulnerability is classified under CWE-80, which pertains to improper neutralization of script-related HTML tags. The CVSS v3.1 base score is 6.4, indicating a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) indicates that the attack can be performed remotely over the network with low attack complexity, requires privileges equivalent to an author role, does not require user interaction, and impacts confidentiality and integrity with a scope change (meaning the vulnerability can affect resources beyond the initially vulnerable component). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability’s exploitation could allow attackers to steal sensitive information, manipulate content, or perform actions on behalf of other users, especially administrators, thereby compromising the integrity and confidentiality of affected WordPress sites using this plugin.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress websites with the Download Manager plugin installed. The ability for an authenticated author-level user to inject persistent malicious scripts can lead to data breaches, unauthorized access to sensitive information, and potential defacement or manipulation of web content. Organizations in sectors such as e-commerce, government, education, and media, which often use WordPress for content management, could face reputational damage and regulatory penalties under GDPR if personal data is compromised. The scope change in the vulnerability means that the impact could extend beyond the plugin itself, potentially affecting other parts of the website or connected systems. Given that the attack does not require user interaction and can be executed remotely, the risk of automated exploitation or lateral movement within the network increases. Although no active exploits are reported yet, the medium severity score suggests that attackers with moderate skills could exploit this vulnerability to gain footholds or escalate privileges within affected sites. This could be particularly impactful for organizations with multiple authors or contributors who have elevated privileges, as the attack vector relies on such roles.
Mitigation Recommendations
1. Immediate mitigation should include restricting author-level privileges to trusted users only, minimizing the number of users with such access.
2. Implement strict input validation and output encoding on all user-supplied data, especially within the wpdm_user_dashboard shortcode, to prevent script injection.
3. Monitor and audit user-generated content for suspicious scripts or HTML tags that could indicate exploitation attempts.
4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block common XSS payloads targeting this plugin.
5. Until an official patch is released, consider disabling or removing the Download Manager plugin if it is not critical to operations.
6. Educate content authors and administrators about the risks of XSS and safe content practices.
7. Regularly update WordPress core and plugins to the latest versions once a patch for this vulnerability is available.
8. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected web pages.
9. Conduct penetration testing focusing on XSS vectors in the affected plugin to identify any additional weaknesses.

These steps go beyond generic advice by focusing on role-based access control, proactive monitoring, and layered defenses specific to the plugin's functionality and the nature of the vulnerability.
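The weakness class described above (shortcode attributes reaching page markup unescaped) and the fix recommended in item 2, shown as an added illustration. This is not the Download Manager plugin's own code: the attribute names, markup and the `example_user_dashboard` shortcode name are assumptions made for the example; only the escaping and sanitization APIs (`shortcode_atts`, `esc_attr`, `esc_html`) are real WordPress functions.

```php
<?php
// Added illustration, not code from the Download Manager plugin. It contrasts
// a shortcode handler that outputs author-supplied attributes unescaped with
// one that validates and escapes them at the point of output.

// Vulnerable pattern: attribute values written by an author-level user in the
// post body are interpolated straight into the HTML.
function example_dashboard_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => 'My Downloads', 'class' => '' ),
        $atts,
        'example_user_dashboard'
    );
    // Both interpolations are unescaped: a crafted 'class' value can break
    // out of the attribute, a crafted 'title' can break out of the text node.
    return '<div class="' . $atts['class'] . '"><h2>' . $atts['title'] . '</h2></div>';
}

// Hardened pattern: constrain what can be constrained (a CSS class has a
// narrow legal alphabet) and escape every value with the escaper that matches
// its output context (attribute vs. element text).
function example_dashboard_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => 'My Downloads', 'class' => '' ),
        $atts,
        'example_user_dashboard'
    );
    // Allow-list the class: letters, digits, underscore, hyphen, space only.
    $class = preg_replace( '/[^A-Za-z0-9_\- ]/', '', (string) $atts['class'] );
    return '<div class="' . esc_attr( $class ) . '">'
         . '<h2>' . esc_html( $atts['title'] ) . '</h2>'
         . '</div>';
}

// Register only the hardened handler; the vulnerable one is kept above purely
// for comparison and is never wired to a shortcode.
add_shortcode( 'example_user_dashboard', 'example_dashboard_hardened' );
```

With the hardened handler, `[example_user_dashboard title='<b>x</b>' class='a"b']` renders the title as literal text (`&lt;b&gt;x&lt;/b&gt;`) and the class as `ab`, so neither value can change the page structure.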
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-05T18:08:42.449Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68538ba433c7acc0460837eb
Added to database: 6/19/2025, 4:01:40 AM
Last enriched: 6/19/2025, 4:17:27 AM
Last updated: 8/12/2025, 8:44:34 PM