3 matches found
CVE-2025-4367
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmuserdashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Download Manager plugin <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode vulnerability
Authenticated Author+ Stored Cross-site Scripting via wpdmuserdashboard Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Download Manager versions = 3.3.18...
CVE-2025-4367
The CVE CVE-2025-4367 covers the WordPress Download Manager plugin (versions ≤ 3.3.18) with a stored XSS vulnerability exposed via the wpdm_user_dashboard shortcode. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with ...