Unrated severityNVD Advisory· Published Nov 1, 2021· Updated Aug 3, 2024
WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting
CVE-2021-24773
Description
The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WordPress Download Managerdescription
- Range: <3.2.16
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/aab2ddbb-7675-40fc-90ee-f5bfa8a5b995mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.