The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-11-01T08:46:20

Updated: 2024-08-03T19:42:16.966Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24773

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-01T09:15:09.243

Modified: 2024-11-21T05:53:44.187

Link: CVE-2021-24773

cve-icon Redhat

No data.