5 matches found
CVE-2024-10706
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10706
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10706
CVE-2024-10706 affects the WordPress plugin Download Manager (versions before 3.3.03). The issue is a Stored XSS vulnerability due to inadequate sanitization/escaping of certain settings, potentially allowing high-privilege users (e.g., admins) to execute scripts even when unfiltered_html is disa...
CVE-2024-10706 Download Manager < 3.3.03 - Admin+ Stored XSS
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10706 Download Manager < 3.3.03 - Admin+ Stored XSS
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...