Our team at CourseVector is dedicated to providing top-notch managed hosting services, constantly monitoring and resolving issues to keep our clients’ websites secure and running smoothly. Recently, we addressed a vulnerability in the Download Manager plugin for WordPress, where versions up to 3.2.90 were susceptible to stored cross-site scripting (XSS) via the ‘wpdm-all-packages’ shortcode. This vulnerability, identified as CVE-2024-4160, allowed authenticated users with contributor-level access to inject malicious scripts. By promptly fixing such vulnerabilities, we ensure our clients’ sites remain protected, and we keep them informed about our continuous efforts to safeguard their online presence.