The download-manager plugin prior to 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpdownloadmanager wordpress download manager |