This post provides the details of a vulnerability in the WordPress plugin WordPress Download Manager not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to customers of that service. If you are not currently a customer, you can sign up for free here and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.
As part of our work to further improve our Plugin Security Checker, an automated tool anyone can use to check to see if a WordPress plugin possibly contains security issues, we log the results of check for plugins in the Plugin Directory and do spot checks of those. Through that we found that the plugin, Download Manager, which has 100,000+ active installations according to wordpress.org, contains a reflected cross-site scripting (XSS) vulnerability.
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.