CVE-2026-14343
Summary: The Download Manager plugin for WordPress (up to version 3.3.61) is vulnerable to Stored Cross-Site Scripting via the 'note_before' and 'note_after' Shortcode Attributes. Impact and details (as stated): Authenticated attackers with contributor-level access can inject arbitrary web script...