CVE-2016-10964

CVE-2016-10964

EPSS 1.0%

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://rastating.github.io/dwnldr-1-0-stored-xss-disclosure/https://wordpress.org/plugins/dwnldr/#developers