Exploit for WordPress Download Manager 3.2.43 Cross Site Scripting CVE-2022-2101

Name: Exploit for WordPress Download Manager 3.2.43 Cross Site Scripting CVE-2022-2101
Rating: 5 (241 reviews)

2022-06-22 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:167573
Exploit Title: Download Manager Cross-Site Scripting  
Date: 2022-06-16  
Exploit Author : Andrea Bocchetti  
Vendor Homepage : https://wordpress.org/plugins/download-manager/  
Version : <= 3.2.43  
Tested on: windows  
CVE : CVE-2022-2101  
  
######## Description ########  
# 1-) Login in the plugin page  
# 2-) add the xss payload in the field "Insert URL"  
# 3-) Click on the link , the JS code will be interpreted.