The plugin does not escape some of the download settings (such as download_path, download_path_url and download_page_url), which could allow high privilege users to perform Cross-Site Scripting attacks
CPE | Name | Operator | Version |
---|---|---|---|
wp-downloadmanager | lt | 1.68.7 |