CVE-2016-10964
CVE-2016-10964 affects the WordPress dwnldr plugin, versions before 1.01. The vulnerability is an XSS via the User-Agent HTTP header in the download handling logic. Public records include an unauthenticated stored XSS PoC and advisories noting the issue. Impact, as stated, is script execution whe...