What the vulnerability does
01Description
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.
CVE-2021-44760
MEDIUM
CVE-2021-44760: WordPress WP-DownloadManager plugin <= 1.68.6 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
CVSS base score
4.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
March 18, 2022
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-68858 WordPress wpCAS plugin <= 1.07 - Cross Site Scripting (XSS) vulnerability
CVE-2026-3362 Short Comment Filter <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Minimum Count' Setting
CVE-2024-2726 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
CVE-2023-4534 NeoMind Fusion Platform Link cross site scripting
CVE-2024-2242 Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting
