CVE-2025-6586
- EPSS 0.15%
- Veröffentlicht 04.07.2025 01:44:03
- Zuletzt bearbeitet 09.07.2025 17:50:13
The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attacke...
CVE-2024-9829
- EPSS 0.34%
- Veröffentlicht 23.10.2024 06:15:11
- Zuletzt bearbeitet 25.10.2024 16:30:44
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. Th...
CVE-2022-36345
- EPSS 0.09%
- Veröffentlicht 28.05.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:12:49
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.
CVE-2021-25059
- EPSS 0.24%
- Veröffentlicht 28.11.2022 14:15:10
- Zuletzt bearbeitet 25.04.2025 15:15:29
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy ...
CVE-2021-24703
- EPSS 0.12%
- Veröffentlicht 23.11.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:35
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.