WordPress Download Manager plugin <= 3.2.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpdmmodalloginform Shortcode vulnerability discovered by Thanh Nam Tran in WordPress Plugin Download Manager versions = 3.2.93...

WordPress Download Manager Plugin <= 3.2.93 is vulnerable to Cross Site Scripting (XSS)

Software Download Manager Type Plugin Vulnerable versions = 3.2.93 Fixed in 3.2.94 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4001 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 129db680980a Credits Thanh Nam Tran Requir...