CVE-2017-18032

Published: 2018-01-16T09:29Z

Last Modified: 2025-03-21T16:07Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt