Description
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting
Affected products
- Unknown / Download Manager3.2.44 – 3.2.44
Exploits & PoCs
- nucleiWordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scriptingby ritikchaddha