CVE-2024-1766

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acces...

WordPress Download Manager plugin <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Self-Based Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Download Manager versions = 3.2.86...

PT-2024-18287 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.2.86 Description: The issue is related to Stored Cross-Site Scripting via a user's Display Name due to insufficient input sanitization and output escaping. This allows...

WordPress plugin Download Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...