PT-2018-6624 · WordPress · Download Manager

Mallory Adams

·

Published

2018-01-16

·

Updated

2025-03-21

·

CVE-2017-18032

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WordPress Download Manager plugin (download-manager), versions prior to 2.9.52
Description: Cross-site scripting (XSS) in the wpdm_generate_password AJAX action of the plugin. The action is dispatched through the wp-admin/admin-ajax.php endpoint, and the handler does not adequately escape the id request parameter before including it in its output. Because the request needs no privileges (PR:N in the vector above), an attacker only has to get a victim to open a crafted link to admin-ajax.php with action=wpdm_generate_password and a malicious id value; the injected script then runs in the victim's browser in the context of the vulnerable site (reflected XSS, hence UI:R and the changed scope S:C).
Recommendations: Update the download-manager plugin to version 2.9.52 or later, then confirm the installed version on the Plugins screen or with wp plugin get download-manager --field=version. Restricting wp-admin/admin-ajax.php as a whole is not a usable interim measure: WordPress core and many plugins route both authenticated and logged-out (nopriv) front-end requests through it, so blocking the endpoint breaks the site. Until the update is applied, either deactivate the plugin or block requests to wp-admin/admin-ajax.php that carry action=wpdm_generate_password at the web server or WAF, after checking that nothing on the site legitimately issues that call for unauthenticated visitors. Telling users to "avoid the id parameter" is not a mitigation, since the parameter is supplied by the attacker, not by the site.
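As an added example (not code from this advisory or from the plugin), the following Python helper flags probes of the affected action in a web server access log and checks a response body for whether a marker was reflected escaped or unescaped, which is the test to run before and after applying the update. It assumes the Apache/nginx "combined" log format and that the probe travels in the query string (POST bodies are not in the access log and would need a WAF rule instead); the log lines and response bodies are constructed for the example.

```python
"""Detection helper for CVE-2017-18032-style probes against WordPress admin-ajax.php.

Added example, not code from the advisory or the Download Manager plugin.
Assumptions (not stated on the page): Apache/nginx "combined" access-log
format, and that the probe is carried in the GET query string. All sample
data below is constructed for this example.
"""
import re
from html import escape
from urllib.parse import parse_qs, unquote, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "wpdm_generate_password"   # action named in the advisory
VULN_PARAM = "id"                        # parameter named in the advisory

# combined format: host ident user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Markup metacharacters or inline-handler syntax in a value that should be an id.
MARKUP_RE = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.IGNORECASE)


def parse_log_line(line):
    """Split one combined-format line into host, path and decoded query params, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs decodes once; decode a second time so double-encoded probes
    # (%253C -> %3C -> <) are seen the way PHP would see them after its own decode.
    rec["params"] = {
        k: [unquote(v) for v in vals]
        for k, vals in parse_qs(parts.query, keep_blank_values=True).items()
    }
    return rec


def is_wpdm_xss_probe(line):
    """Return the offending id value if the line is a wpdm_generate_password
    request whose id contains markup, otherwise None."""
    rec = parse_log_line(line)
    if rec is None or rec["path"] != AJAX_PATH:
        return None
    if VULN_ACTION not in rec["params"].get("action", []):
        return None
    for value in rec["params"].get(VULN_PARAM, []):
        if MARKUP_RE.search(value):
            return value
    return None


def scan_log(lines):
    """Return (client_ip, decoded_id) for every probe found in the log lines."""
    hits = []
    for line in lines:
        value = is_wpdm_xss_probe(line)
        if value is not None:
            hits.append((parse_log_line(line)["host"], value))
    return hits


def reflection_state(body, probe):
    """Classify how a benign marker such as 42"><zz> came back in a response:
    'unescaped' (vulnerable), 'escaped' (entity-encoded) or 'absent'."""
    if probe in body:
        return "unescaped"
    if escape(probe, quote=True) in body:
        return "escaped"
    return "absent"


# Constructed sample log: a benign call, an encoded probe, a double-encoded
# probe, and an unrelated action carrying markup (must not be flagged).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jan/2018:10:12:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=wpdm_generate_password&id=42 HTTP/1.1" 200 61 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Jan/2018:10:12:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=wpdm_generate_password&id=42%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
    ' HTTP/1.1" 200 140 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Jan/2018:10:12:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=wpdm_generate_password&id=%253Cimg%2520src%3Dx%2520onerror%253Dalert(1)%253E'
    ' HTTP/1.1" 200 140 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [16/Jan/2018:10:13:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&id=%3Cb%3E HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, value in scan_log(SAMPLE_LOG):
        print(f"probe from {host}: id={value!r}")
    # Constructed response bodies standing in for a vulnerable and a fixed site.
    print(reflection_state('<input value="42"><zz>">', '42"><zz>'))
    print(reflection_state('<input value="42&quot;&gt;&lt;zz&gt;">', '42"><zz>'))
```

The marker for reflection_state should be something harmless that contains a quote and angle brackets, so that an "unescaped" result proves the injection point exists without executing anything; a "escaped" result after the update is the confirmation that 2.9.52 or later is actually in place on the live site, not just in the plugin list.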

Exploit

Fix

XSS


Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Identifiers

CVE-2017-18032

Affected Products

Download Manager