CVE-2025-7387

Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager versions prior to 1.10.0

Description: The Lana Downloads Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping on user-supplied attributes within endpoint parameters. This allows authenticated attackers with administrator-level or higher permissions to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.

Recommendations: Update Lana Downloads Manager to a version later than 1.10.0.