Medium severity6.1NVD Advisory· Published Jan 16, 2018· Updated Jun 17, 2026
CVE-2017-18032
CVE-2017-18032
Description
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.9.52+ 1 more
- (no CPE)range: <2.9.52
- (no CPE)range: <2.9.52
Patches
Vulnerability mechanics
References
2- security.dxw.com/advisories/xss-download-manager/nvdExploitThird Party Advisory
- wordpress.org/plugins/download-manager/nvdProductRelease Notes
News mentions
0No linked articles in our index yet.