Report
The WSM Downloader plugin for WordPress is vulnerable to a domain restriction bypass due to insufficient hostname validation in the wsmd_user_download_request AJAX action in versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to bypass the domain name restrictions on download links and download files from non-acceptable domains.
Score: 5.3
Severity: Medium
Version: 1.4.0
The plugin vendor has not patched this vulnerability at the moment.
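
For sites that implement a similar download-link restriction, the following is an added example of strict hostname allow-listing in PHP; it is not code from the WSM Downloader plugin, and the report does not say how the plugin's own check fails. The function name, the allow-list constant and all hostnames are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the WSM Downloader plugin.
// ALLOWED_DOWNLOAD_HOSTS is an assumed allow-list; the hostnames are constructed.
const ALLOWED_DOWNLOAD_HOSTS = ['downloads.example.com', 'cdn.example.com'];

/**
 * Return true only when $url is an http(s) URL whose parsed host is an exact,
 * case-insensitive match for an allow-listed hostname.
 */
function example_host_is_allowed(string $url, array $allowed = ALLOWED_DOWNLOAD_HOSTS): bool
{
    // Whitespace, control characters and backslashes make URL parsers disagree; refuse them.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative, scheme-less or malformed URLs carry no trustworthy host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Credentials in the authority part are never needed for a download link.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Normalise before comparing: lower-case and drop a single trailing root dot.
    $host = strtolower($parts['host']);
    if (substr($host, -1) === '.') {
        $host = substr($host, 0, -1);
    }
    // Compare the whole hostname; substring, prefix or suffix tests are not enough.
    return in_array($host, array_map('strtolower', $allowed), true);
}

// Constructed inputs with the expected decision for each.
$samples = [
    'https://downloads.example.com/file.zip'            => true,
    'https://DOWNLOADS.example.com./file.zip'           => true,
    'https://downloads.example.com.other.test/file.zip' => false, // listed name is only a prefix
    'https://other.test/downloads.example.com/file.zip' => false, // listed name is only in the path
    'https://downloads.example.com@other.test/file.zip' => false, // listed name is only userinfo
    '//downloads.example.com/file.zip'                  => false, // no scheme
    'ftp://cdn.example.com/file.zip'                    => false, // scheme not permitted
];
foreach ($samples as $url => $expected) {
    $got = example_host_is_allowed($url);
    printf("%-4s %-5s %s\n", $got === $expected ? 'ok' : 'FAIL', $got ? 'allow' : 'deny', $url);
}
```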