How severe is CVE-2024-10706?

CVE-2024-10706 has a CVSS v3 score of 4.8 (MEDIUM).

CVE-2024-10706

Name: download_manager
Author: w3eden

4.8MEDIUM

The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac

Published: 12/20/2024Updated: 4/17/2025

Description

The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AI AnalysisPowered by AI

Affected Products

w3edendownload_manager

References

https://wpscan.com/vulnerability/01193420-9a4c-4961-93b6-aa2e37e36be1/
ExploitThird Party Advisory