Z-Downloads < 1.11.7 - Cross-Site Scripting (CVE-2024-8673)

The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.

该插件未能对上传的文件进行恰当的验证，导致恶意 JavaScript 代码封装的 SVG 文件得以上传。