2 matches found
CVE-2023-6954
CVE-2023-6954 affects the WordPress Download Manager Pro plugin up to version 3.2.85. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in the plugin’s shortcode attributes, enabling authenticated attackers with contributor...
WordPress Download Manager Plugin <= 3.2.85 is vulnerable to Cross Site Scripting (XSS)
Software Download Manager Type Plugin Vulnerable versions = 3.2.85 Fixed in 3.2.86 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6954 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79b3ad08af1c Credits Richard Telleng...