CVE-2021-24969: 
WordPress vulnerability analysis and mitigation

The WordPress Download Manager plugin (versions before 3.2.22) was found to contain a stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2021-24969. The vulnerability was discovered by Krzysztof Zając and publicly disclosed on November 29, 2021. The security issue affects the template functionality of the plugin, where authenticated users, including those with subscriber-level access, could exploit the vulnerability (WPScan Advisory).

The vulnerability stems from improper sanitization and escaping of Template data before it is output in various pages, including the admin dashboard and frontend. The security flaw is specifically related to the wpdmsavetemplate AJAX action, which lacks proper authorization and CSRF checks. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity (NVD Database).

The vulnerability allows authenticated users, even those with minimal privileges such as subscribers, to perform Cross-Site Scripting attacks. The XSS payload can be triggered in two ways: through tpl[content] when previewing templates (affecting admin users), and through tpl[css] which affects all frontend pages and template previews (WPScan Advisory).

The vulnerability has been patched in WordPress Download Manager version 3.2.22. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).