WordPress Download Manager <= 2.9.93 – Authenticated Cross-Site Scripting (XSS)

  exploits
Description
In the pro features of the WordPress download manager plugin, there is a Category Short-code feature witch can use to sort categories with order by a function which will be used as ?orderby=title,publish_date . By adding parameter "> and add any XSS payload , the xss payload will execute. To reproduce, 1. Go to the link where we can find ?orderby 2. Add parameters >” and give simple payload like <script>alert(1)</script> 3. The payload will execute. Another reflected cross-site scripting via advance search .