CVE-2024-8703

Name of the Vulnerable Software and Affected Versions Z-Downloads WordPress plugin versions prior to 1.11.6

Description The issue arises from the plugin's failure to properly sanitise and escape certain parameters when they are displayed on the page. This oversight could allow unauthenticated visitors to perform Cross-Site Scripting attacks when they access shared URLs.

Recommendations For versions prior to 1.11.6, update to version 1.11.6 or later to resolve the issue. As a temporary workaround, consider restricting access to shared URLs to minimize the risk of exploitation.