9.8CVSS
9.9AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2
4.8CVSS
4.8AI Score
0.001EPSS
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access ...
5.4CVSS
4.4AI Score
0.001EPSS