CVE-2025-10146

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions prior to 3.3.24

Description The WordPress Download Manager plugin is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, potentially leading to execution if a user is tricked into performing an action, such as clicking a malicious link. The vulnerability is located in the user ids parameter.

Recommendations Update the Download Manager plugin to version 3.3.24 or later.