I am desperate to find some help with a possible security issue on my server. I run 2 instances of WordPress, using Download Manager (Free). The download pages are not public pages; they are password-protected.
However, I am frequently finding users IP addresses being flagged and blocked with a Critical Alert for cross site scripting – that points to: /wp-content/plugins/download-manager/js/jquery.cookie.js
I see references to the jquery.cookie.js file being outdated in this plugin. Is that a possible security issue?
I run mod security on my server, and need to know if safe to disable the lfd rule that is causing general users to be blocked from accessing the server (not specifically the download-manager files).
`