The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the frameid parameter found in the ~/src/Package/views/shortcode-iframe.php file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wordpress_download_manager | Wpdownloadmanager | * | 3.2.42 (including) |