Cross-Site Scripting Vulnerability In Download Manager Plugin

Security researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. The vulnerability was assigned the identifier CVE-2022-1985.

All Wordfence users, including Free, Premium, Care, and Response, are protected from exploits targeting this vulnerability thanks to the Wordfence Firewall’s built-in Cross-Site Scripting protection.

Even though Wordfence provides protection against this vulnerability, we strongly recommend ensuring that your site has been updated to the latest patched version of Download Manager, which is version 3.2.43 at the time of this publication.

As usual, all ProtectYourWP clients who use Download Manager have already been updated.

Source and more details: https://www.wordfence.com/blog/2022/06/security-vulnerability-download-manager-plugin
