The Download Manager WordPress plugin prior to 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpdownloadmanager download manager |