How severe is CVE-2024-11740?

CVE-2024-11740 has a CVSS v3 score of 7.3 (HIGH).

CVE-2024-11740

Name: download_manager
Author: w3eden

7.3HIGH

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an acti

Published: 12/19/2024Updated: 3/21/2025

Description

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

AI AnalysisPowered by AI

Affected Products

w3edendownload_manager

References

https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42
Product
https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve
Third Party Advisory