W3eden: >> Download Manager >> 3.2.57 Security Vulnerabilities
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-18
The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-16
Page 3