PT-2024-17223 · WordPress · Download Manager

Michael Mazzolini · Published 2024-12-19 · Updated 2025-01-29 · CVE-2024-11740

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress, versions up to and including 3.3.03.

Description: The plugin exposes an action that passes a request-supplied value to do_shortcode() without validating it. Because the action is reachable without authentication, an unauthenticated attacker can supply arbitrary shortcode text and have the site execute any registered shortcode (from the plugin, the theme, or other plugins), with whatever side effects those shortcodes carry.

Recommendations: For versions up to and including 3.3.03, update to a version later than 3.3.03, which resolves the issue. If you cannot update immediately, disable or restrict the affected action so that request-supplied text no longer reaches do_shortcode(), and limit the shortcodes that may be executed from user input to an explicit allow-list until the update is applied.
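The pattern described above, and the shape of the fix recommended for it, as an added illustration. This is not code from the Download Manager plugin or from the advisory; the action name, parameter names and the wpdm_example_* functions and shortcode tag are hypothetical placeholders chosen for the example.

```php
<?php
// Added illustrative example, not the Download Manager plugin's own code.
// Hook names, parameter names and function names are hypothetical.

// Vulnerable pattern: a "nopriv" AJAX action (reachable without a login)
// with no nonce, no capability check and no validation of the incoming
// value before it is handed to do_shortcode(). A request such as
//   action=wpdm_example_render&content=[any_registered_shortcode attr="x"]
// makes the site execute whatever shortcode the attacker names.
add_action('wp_ajax_nopriv_wpdm_example_render', 'wpdm_example_render_vulnerable');
function wpdm_example_render_vulnerable() {
    $content = isset($_POST['content']) ? wp_unslash($_POST['content']) : '';
    echo do_shortcode($content);   // arbitrary shortcode execution
    wp_die();
}

// Hardened pattern: logged-in users only (no nopriv hook), a nonce check,
// and the request may only pick a tag from an allow-list the plugin owns;
// the shortcode string is assembled server-side from validated pieces and
// is never copied from the request.
add_action('wp_ajax_wpdm_example_render', 'wpdm_example_render_hardened');
function wpdm_example_render_hardened() {
    check_ajax_referer('wpdm_example_render', 'nonce');
    if (!current_user_can('read')) {
        wp_send_json_error('forbidden', 403);
    }

    $allowed = ['wpdm_example_package'];   // hypothetical tag owned by the plugin
    $tag = isset($_POST['tag']) ? sanitize_key($_POST['tag']) : '';
    if (!in_array($tag, $allowed, true) || !shortcode_exists($tag)) {
        wp_send_json_error('unknown shortcode', 400);
    }

    $id = isset($_POST['id']) ? absint($_POST['id']) : 0;
    if ($id === 0) {
        wp_send_json_error('invalid id', 400);
    }

    // Only the validated tag and a numeric id reach do_shortcode().
    echo do_shortcode(sprintf('[%s id="%d"]', $tag, $id));
    wp_die();
}
```

The point of the hardened handler is that do_shortcode() still runs, but the attacker no longer controls which shortcode is invoked or what attributes it receives; the allow-list and the server-side sprintf() are what close the hole, and the nonce and capability checks remove the unauthenticated reach that made the original issue high severity.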

Fix

Code Injection


Weakness Enumeration

Related Identifiers: CVE-2024-11740

Affected Products: Download Manager