Unfiltered HTML Capability Bypass in WordPress Download Manager Plugin
CVE-2021-24773 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed.