On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the most popular download management plugins. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.
You may also like
How to Improve Accessibility on Your WordPress Site
Do you want to improve accessibility on your...
WordPress 6.5 Release Candidate 4
The latest release candidate (RC4) for WordPress...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24,...
Did you know we’re running a Bug Bounty...