CVE-2015-9442
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin.
6.5CVSS
6.2AI Score
0.001EPSS