CVE-2025-7387: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lanacodes Lana Downloads Manager
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-7387 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Lana Downloads Manager plugin for WordPress, affecting all versions up to and including 1.10.0. This vulnerability arises due to improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of user-supplied parameters in the plugin's endpoint. An authenticated attacker with administrator-level or higher privileges can exploit this flaw by injecting arbitrary malicious scripts into pages managed by the plugin. These scripts are then stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions on behalf of the victim. The vulnerability has a CVSS v3.1 base score of 5.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks. Since the attack requires administrator-level authentication, the threat is limited to environments where such access can be obtained or compromised. However, the stored nature of the XSS makes it particularly dangerous as it can affect multiple users accessing the infected pages.
Potential Impact
For European organizations using WordPress sites with the Lana Downloads Manager plugin, this vulnerability poses a moderate risk. The ability for an attacker with admin privileges to inject persistent malicious scripts can lead to unauthorized actions, data leakage, or further compromise of user accounts and site integrity. Given that WordPress is widely used across Europe for business and governmental websites, any organization relying on this plugin could face reputational damage, data confidentiality breaches, and potential regulatory non-compliance under GDPR if personal data is exposed. The scope of impact is somewhat limited by the requirement for high-level privileges, but insider threats or compromised administrator accounts could enable exploitation. Additionally, the cross-site scripting could be leveraged to bypass security controls or deliver secondary payloads, increasing the attack surface. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as threat actors often weaponize such vulnerabilities once publicly disclosed.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the Lana Downloads Manager plugin and verify its version. Until an official patch is released, administrators should consider disabling or uninstalling the plugin to eliminate exposure. If removal is not feasible, strict access controls should be enforced to limit administrator account usage, and multi-factor authentication should be implemented to reduce the risk of credential compromise. Web application firewalls (WAFs) can be configured to detect and block suspicious input patterns targeting the vulnerable endpoint parameters. Additionally, security teams should monitor logs for unusual administrator activity and conduct regular vulnerability scans. Organizations should also educate administrators about the risks of XSS and the importance of sanitizing inputs when managing plugins or custom code. Once a patch is available, prompt application of updates is critical. Implementing Content Security Policy (CSP) headers can further mitigate the impact of injected scripts by restricting script execution sources.
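The root cause described above (a user-supplied attribute concatenated into generated HTML without context-appropriate escaping) and the CSP recommendation both map to a small amount of plugin code. The following is an added illustration, not code from the Lana Downloads Manager plugin or from Wordfence: it contrasts a hypothetical unescaped shortcode handler with a hardened one and adds a restrictive CSP header. The WordPress helpers used (`shortcode_atts`, `esc_url`, `esc_attr`, `esc_html`, `sanitize_text_field`, `add_shortcode`, `add_action` on `send_headers`) are real WordPress APIs; the shortcode name, attribute names and sample input are constructed for the example.

```php
<?php
// Added example (not the plugin's own code). Function and shortcode names
// prefixed "hypo_" are hypothetical; the WordPress helpers are real APIs.

// Vulnerable pattern: attribute values are concatenated straight into markup.
// Whoever can set the attribute (per the advisory, an administrator) controls
// raw HTML, and because the shortcode is stored in the post, the result is
// re-rendered for every visitor: a stored XSS.
function hypo_download_link_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'url' => '', 'label' => '' ), $atts );
    return '<a class="dl-link" href="' . $atts['url'] . '">' . $atts['label'] . '</a>';
}

// Hardened pattern: sanitize on input, escape on output, and pick the escaper
// for the context the value lands in (URL attribute, HTML attribute, text node).
function hypo_download_link_hardened( $atts ) {
    $atts  = shortcode_atts( array( 'url' => '', 'label' => '' ), $atts );
    $url   = esc_url( $atts['url'] );                 // drops disallowed schemes such as javascript:
    $label = sanitize_text_field( $atts['label'] );   // strips tags and stray control characters
    return sprintf(
        '<a class="dl-link" href="%s">%s</a>',
        esc_attr( $url ),   // attribute context: encodes quotes and angle brackets
        esc_html( $label )  // text context: encodes angle brackets and ampersands
    );
}

add_shortcode( 'hypo_download', 'hypo_download_link_hardened' );

// Defense in depth, as the advisory recommends: a CSP that only permits
// same-origin scripts blunts an injected inline script even if an escaping
// gap remains somewhere else in the site.
add_action( 'send_headers', function () {
    header( "Content-Security-Policy: script-src 'self'; object-src 'none'; base-uri 'self'" );
} );

// Constructed sample (not a real payload): characters that terminate an
// attribute or open a tag. The vulnerable handler emits them verbatim; the
// hardened handler neutralizes the quote via esc_url/esc_attr and strips the
// tags from the label via sanitize_text_field.
$hypo_sample = array(
    'url'   => 'https://example.invalid/report.zip" data-x="',
    'label' => '<b>Quarterly report</b>',
);
```

The important design point is that escaping is chosen per output context rather than applied once on input: a value that is safe inside an `href` is not automatically safe as a text node, and vice versa. The CSP shown is deliberately strict; many WordPress themes and plugins rely on inline scripts, so it should be rolled out with `Content-Security-Policy-Report-Only` first and the report endpoint reviewed before enforcing it.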
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-09T10:48:40.617Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686f53a1a83201eaaca567f2
Added to database: 7/10/2025, 5:46:09 AM
Last enriched: 7/10/2025, 6:01:08 AM
Last updated: 7/10/2025, 1:31:19 PM